Xinyang Ge

#37241 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2026-31052
7.5
2026-04-07
Amazon · Amazon Aws Firecracker · CVE-2026-5747
**Name of the Vulnerable Software and Affected Versions**

Firecracker versions 1.13.0 through 1.14.3

Firecracker version 1.15.0

**Description**

An out-of-bounds write issue exists in the virtio PCI transport on x86_64 and aarch64 architectures. A local guest user with root privileges can exploit this by modifying virtio queue configuration registers after device activation to crash the Firecracker VMM process or potentially execute arbitrary code on the host. Host code execution requires additional preconditions, such as specific snapshot configurations or the use of a custom guest kernel.

**Recommendations**

For versions 1.13.0 through 1.14.3, upgrade to version 1.14.4 or later.

For version 1.15.0, upgrade to version 1.15.1 or later.