8.7
CVE-2026-5747
- EPSS 0.21%
- Veröffentlicht 07.04.2026 23:17:23
- Zuletzt bearbeitet 01.06.2026 12:52:52
- Quelle ff89ba41-3aa1-4d27-914a-91399e
- CVE-Watchlists
- Unerledigt
Out-of-bounds Write in Firecracker virtio-pci Transport
An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary code on the host via modification of virtio queue configuration registers after device activation. Achieving code execution on the host requires additional preconditions, such as the use of a custom guest kernel or specific snapshot configurations. To remediate this, users should upgrade to Firecracker 1.14.4 or 1.15.1 and later.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Amazon ≫ Firecracker Version >= 1.13.0 <= 1.14.3
Amazon ≫ Firecracker Version1.15.0 Update-
Amazon ≫ Firecracker Version1.15.0 Updatedev
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.108 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.7 | 0 | 0 |
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.5 | 0.8 | 6 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-369 Divide By Zero
The product divides a value by zero.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://github.com/firecracker-microvm/firecracker/releases/tag/v1.15.1
https://github.com/firecracker-microvm/firecracker/releases/tag/v1.14.4
https://aws.amazon.com/security/security-bulletins/2026-015-aws/
https://github.com/firecracker-microvm/firecracker/security/advisories/GHSA-776c-mpj7-jm3r