CVE-2026-5747
- EPSS 0.21%
- Veröffentlicht 07.04.2026 23:17:23
- Zuletzt bearbeitet 01.06.2026 12:52:52
An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x86_64 and aarch64 might allow a local guest user with root privileges to crash the Firecracker VMM process or potentially execute arbitrary c...
- EPSS 0.2%
- Veröffentlicht 23.01.2026 20:25:02
- Zuletzt bearbeitet 30.01.2026 16:57:56
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a s...
CVE-2020-27174
- EPSS 1.72%
- Veröffentlicht 16.10.2020 05:15:11
- Zuletzt bearbeitet 21.11.2024 05:20:49
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly o...
CVE-2020-16843
- EPSS 1.67%
- Veröffentlicht 04.08.2020 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:07:15
In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability p...
CVE-2019-18960
- EPSS 3.25%
- Veröffentlicht 11.12.2019 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:33:55
Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.