Security News Detail - SecLens Intelligence Radar

CVE-2026-5747 - Out-of-bounds Write in Firecracker virtio-pci Transport

Source: aws_security_bulletins · Published 2026-04-15 01:38 (UTC+08:00) · Fetched 2026-05-14 11:15 (UTC+08:00)

Summary

Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services.

Body

Bulletin ID: 2026-015-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/04/07 15:30 PM PDT

Description: Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services. We identified CVE-2026-5747, an out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 that might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. No AWS service is affected.

Impacted versions: Firecracker >= 1.13.0 AND <= 1.14.3 AND 1.15.0

Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

Extended fields

{
  "author": "[email protected]",
  "bulletin_id": "2026-015-AWS",
  "content_type": "Important (requires attention)",
  "details": {
    "Bulletin ID": "2026-015-AWS",
    "Content Type": "Important (requires attention)",
    "Impacted versions": "Firecracker >= 1.13.0 AND <= 1.14.3 AND 1.15.0",
    "Publication Date": "2026/04/07 15:30 PM PDT",
    "Scope": "AWS"
  },
  "publication_detail": "2026/04/07 15:30 PM PDT",
  "scope": "AWS"
}