{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5747/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-5747"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-5747","firecracker","out-of-bounds write","vmm","virtio"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-5747 is an out-of-bounds write vulnerability affecting the virtio PCI transport implementation in Amazon Firecracker versions 1.13.0 through 1.14.3 and 1.15.0, specifically on x86_64 and aarch64 architectures. This vulnerability could be exploited by a malicious local guest user who has gained root privileges within the guest operating system. Successful exploitation could lead to a denial-of-service condition by crashing the Firecracker Virtual Machine Monitor (VMM) process. In scenarios where specific preconditions are met, such as the usage of a custom guest kernel or particular snapshot configurations, this vulnerability can also potentially lead to arbitrary code execution on the host system. Defenders should upgrade to Firecracker versions 1.14.4 or 1.15.1 or later to remediate the issue.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains root privileges within a Firecracker guest OS.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the Firecracker VMM version running on the host, confirming it is within the vulnerable range (1.13.0 - 1.14.3 or 1.15.0).\u003c/li\u003e\n\u003cli\u003eThe attacker modifies virtio queue configuration registers after device activation. This is the trigger point for the vulnerability, exploiting the out-of-bounds write.\u003c/li\u003e\n\u003cli\u003eThe crafted write operation corrupts memory within the Firecracker VMM process.\u003c/li\u003e\n\u003cli\u003eIf the memory corruption is limited, this may cause a denial-of-service by crashing the VMM process.\u003c/li\u003e\n\u003cli\u003eIf specific preconditions are met (custom guest kernel, specific snapshot configurations), the memory corruption allows for arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker executes malicious code within the context of the Firecracker VMM process on the host.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves persistence or performs further malicious actions on the host system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5747 can lead to a denial-of-service condition, disrupting the services hosted on affected Firecracker instances. In certain circumstances, this vulnerability can escalate to arbitrary code execution on the host, potentially compromising the entire system and any other virtual machines hosted on it. This can lead to data breaches, system instability, and complete loss of control over the compromised host. The severity is dependent on the environment configuration and the attacker\u0026rsquo;s capabilities, ranging from service disruption to full host compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade all Firecracker installations to versions 1.14.4 or 1.15.1 or later to patch CVE-2026-5747, as recommended by the vendor.\u003c/li\u003e\n\u003cli\u003eMonitor Firecracker guest OS instances for unauthorized attempts to modify virtio queue configuration registers to detect potential exploitation attempts related to CVE-2026-5747.\u003c/li\u003e\n\u003cli\u003eImplement strict access control policies within the guest operating systems to minimize the risk of attackers gaining root privileges, thus reducing the attack surface for CVE-2026-5747.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T00:16:05Z","date_published":"2026-04-08T00:16:05Z","id":"/briefs/2026-04-firecracker-oob-write/","summary":"An out-of-bounds write vulnerability in Amazon Firecracker's virtio PCI transport (CVE-2026-5747) allows a local guest user with root privileges to potentially crash the VMM process or execute arbitrary code on the host.","title":"Amazon Firecracker Virtio PCI Out-of-Bounds Write Vulnerability (CVE-2026-5747)","url":"https://feed.craftedsignal.io/briefs/2026-04-firecracker-oob-write/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5747","version":"https://jsonfeed.org/version/1.1"}