
Releases: firecracker-microvm/firecracker

Firecracker v1.16.0

04 Jun 15:09


Added

  • #5786: Added developer preview support for hotplugging and hot-unplugging PCI virtio devices (block, pmem, net) on a running microVM. The guest must manually rescan the PCI bus after hotplug and remove the device before unplug since no automatic notification mechanism is implemented yet. More information can be found in the Device Hotplugging documentation page.
  • #5323: Add support for Vsock Unix domain socket path overriding on snapshot restore. More information can be found in the docs.
  • #5824: Add optional rate limiting to serial console output, configurable via the rate_limiter field on PUT /serial. A new metric is exposed under uart: rate_limiter_dropped_bytes.
  • #5799: Add per-callsite rate limiting for error, warn, and info level log messages. Each callsite independently allows up to 10 messages per 5-second window. When logging resumes after suppression, a warn-level summary reports the count of suppressed messages. A new rate_limited_log_count metric tracks the total number of suppressed messages.
  • #5789: Add rate-limiter support to virtio-pmem device to allow control over I/O bandwidth generated by the FLUSH requests from the guest.
  • #5872: Add notification suppression support in the virtio-vsock device via the EVENT_IDX virtio feature to reduce device overhead.
  • #5828: Advertise MTU to the guest via VIRTIO_NET_F_MTU using a new optional mtu field in the network-interfaces API. When set, a compatible guest driver will configure the interface with the specified MTU.
  • #5906: Add an rng-seed FDT node for aarch64 guests, which provides an initial random seed for the guest to use. This helps older aarch64 machines that do not have hardware random number generators.
  • Added support for Linux 6.18 host kernels alongside the existing 5.10 and 6.1 host kernels. See the kernel support policy for details.
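The per-callsite log rate limiting described in #5799, as an added illustration rather than Firecracker's own code: a fixed 5-second window allowing 10 messages per callsite, a warn-level summary of the suppressed count once that callsite logs again in a later window, and a counter standing in for the rate_limited_log_count metric. The callsite keys, the Vec<String> log sink and the constructed timestamps are assumptions.

```rust
// Added example (not Firecracker's code): per-callsite log rate limiting with a
// fixed window and a suppression summary, as described in the release notes.
use std::collections::HashMap;
use std::time::{Duration, Instant};

const MAX_PER_WINDOW: u32 = 10;
const WINDOW: Duration = Duration::from_secs(5);

#[derive(Default)]
struct CallsiteState { window_start: Option<Instant>, emitted: u32, suppressed: u64 }

#[derive(Default)]
pub struct RateLimitedLogger {
    sites: HashMap<&'static str, CallsiteState>, // keyed by callsite (file:line in a real logger)
    pub rate_limited_log_count: u64,             // total suppressed; stands in for the new metric
    pub out: Vec<String>,                        // stands in for the real log sink (assumption)
}

impl RateLimitedLogger {
    /// Returns true if the message was emitted, false if it was suppressed.
    /// `now` is passed in so the window logic can be driven with constructed times.
    pub fn log(&mut self, now: Instant, callsite: &'static str, level: &str, msg: &str) -> bool {
        let st = self.sites.entry(callsite).or_default();
        let start = *st.window_start.get_or_insert(now);
        if now.duration_since(start) >= WINDOW {
            // A new window starts: report what the previous one dropped, then reset.
            if st.suppressed > 0 {
                self.out.push(format!("WARN {callsite}: {} messages suppressed in the last window", st.suppressed));
                st.suppressed = 0;
            }
            st.window_start = Some(now);
            st.emitted = 0;
        }
        if st.emitted >= MAX_PER_WINDOW {
            st.suppressed += 1;
            self.rate_limited_log_count += 1;
            return false; // over budget for this callsite in this window
        }
        st.emitted += 1;
        self.out.push(format!("{level} {callsite}: {msg}"));
        true
    }
}
```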

Fixed

  • #5762: Cap virtio-rng per-request entropy to 64 KiB. Previously, a guest could construct a descriptor chain that caused Firecracker to allocate more host memory than the guest actually provided, potentially leading to excessive host memory consumption.
  • #5760: Fixed the HID (Hardware ID) of the VMGenID device so that it aligns with the upstream Linux kernel. Previously, the driver was not bound correctly to the device on Linux kernels prior to 6.10.
  • #5764: Fixed a bug that caused the guest UART driver to get stuck and stop transmitting after snapshot restore. The bug was triggered by taking a snapshot while a serial transmission was taking place. On restore the driver would wait for a TX interrupt that would never arrive and no output would appear in the serial console.
  • #5780: Fixed missing /sys/devices/system/cpu/cpu*/cache/* in aarch64 guests when running on host kernels >= 6.3 with guest kernels >= 6.1.156.
  • #5793: Fixed virtio-mem plug/unplug skipping KVM slot updates for memory blocks not aligned to a slot boundary. On plug, this could leave hotplugged memory inaccessible to the guest. On unplug, the guest could retain access to memory that Firecracker considered freed.
  • #5794: Bound balloon statistics descriptor length to prevent a guest-controlled oversized descriptor from temporarily stalling the VMM event loop. Only affects microVMs with stats_polling_interval_s > 0.
  • #5809: Fixed a bug on host Linux >= 5.16 for x86_64 guests using the kvm-clock clock source that caused the monotonic clock to jump on restore by the wall-clock time elapsed since the snapshot was taken. Users of kvm-clock who want to explicitly advance the clock with KVM_CLOCK_REALTIME can opt back in using the new clock_realtime flag in the LoadSnapshot API.
  • #5738: Fixed x86_64 snapshot serialization to cover the full KVM custom MSR range (0x4b564d00-0x4b564dff) instead of a small subset. Previously, some KVM MSRs such as MSR_KVM_ASYNC_PF_INT and MSR_KVM_ASYNC_PF_ACK were missing from snapshots, which could cause issues on restore.
  • #5818: Enforce the virtio device initialization sequence in the PCI transport, matching the existing MMIO transport behavior. The PCI transport now validates device status transitions, rejects queue configuration writes outside the FEATURES_OK to DRIVER_OK window, rejects feature negotiation outside the DRIVER state, blocks re-initialization after a failed reset, and sets DEVICE_NEEDS_RESET when device activation fails.
  • #5818: Reject device status writes that clear previously set bits in the MMIO transport, except for reset.
  • #5884: Corrected the OpenAPI spec for PATCH /balloon/hinting/start and PATCH /balloon/hinting/stop to declare 204 No Content instead of 200, matching the actual runtime response.
  • #5882: Fixed a race in the vsock device where, after snapshot restore, the RX queue could deliver data to the guest before it had acknowledged the TRANSPORT_RESET event, causing established connections to break.
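The status-register ordering that the two #5818 entries above describe, as an added illustration and not Firecracker's transport code: a minimal state machine that accepts one step of the virtio initialization sequence per write, refuses writes that clear set bits (except reset), confines feature negotiation and queue configuration to their windows, and sets DEVICE_NEEDS_RESET when activation fails. The status bit values are the virtio spec's; the `activate` callback and the `_features`/`_queue`/`_desc_addr` parameters are placeholders.

```rust
// Added example (not Firecracker's code): a minimal virtio device-status state
// machine applying the ordering rules listed in the #5818 release-note entries.
const ACKNOWLEDGE: u8 = 1;
const DRIVER: u8 = 2;
const DRIVER_OK: u8 = 4;
const FEATURES_OK: u8 = 8;
const DEVICE_NEEDS_RESET: u8 = 64;
const FAILED: u8 = 128;
#[derive(Debug, PartialEq)]
pub enum TransportError { BadTransition(u8, u8), ClearedBits(u8, u8), OutOfWindow(&'static str) }
#[derive(Default)]
pub struct DeviceStatus { pub status: u8 }

impl DeviceStatus {
    /// Guest write to the status register. `activate` stands in for the device's
    /// activation routine (a placeholder) and runs when the driver sets DRIVER_OK.
    pub fn write_status(&mut self, new: u8, activate: impl FnOnce() -> bool) -> Result<(), TransportError> {
        let old = self.status;
        if new == 0 { self.status = 0; return Ok(()); } // reset is always accepted
        if old & (FAILED | DEVICE_NEEDS_RESET) != 0 { return Err(TransportError::BadTransition(old, new)); } // only reset leaves these states
        if old & !new != 0 { return Err(TransportError::ClearedBits(old, new)); } // set bits are cleared only by reset
        let ok = match new & !old { // exactly one step of the spec's sequence per write
            0 => true,                                                // re-writing the current value
            ACKNOWLEDGE => old == 0,
            DRIVER => old == ACKNOWLEDGE,
            FEATURES_OK => old == (ACKNOWLEDGE | DRIVER),
            DRIVER_OK => old == (ACKNOWLEDGE | DRIVER | FEATURES_OK),
            FAILED => true,                                           // the driver may give up at any step
            _ => false,                                               // several steps at once, or unknown bits
        };
        if !ok { return Err(TransportError::BadTransition(old, new)); }
        if new & !old == DRIVER_OK && !activate() {
            self.status = old | DEVICE_NEEDS_RESET; // activation failed: the guest must reset before retrying
            return Ok(());
        }
        self.status = new;
        Ok(())
    }

    /// Feature negotiation is accepted only in the DRIVER state, before FEATURES_OK.
    pub fn write_driver_features(&mut self, _features: u64) -> Result<(), TransportError> {
        (self.status & DRIVER != 0 && self.status & (FEATURES_OK | DRIVER_OK) == 0)
            .then_some(()).ok_or(TransportError::OutOfWindow("features"))
    }

    /// Queue configuration is accepted only between FEATURES_OK and DRIVER_OK.
    pub fn write_queue_config(&mut self, _queue: u16, _desc_addr: u64) -> Result<(), TransportError> {
        (self.status & FEATURES_OK != 0 && self.status & (DRIVER_OK | DEVICE_NEEDS_RESET) == 0)
            .then_some(()).ok_or(TransportError::OutOfWindow("queue"))
    }
}
```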

Firecracker v1.15.1

07 Apr 23:11


Fixed

  • #5762: Cap virtio-rng per-request entropy to 64 KiB. Previously, a guest could construct a descriptor chain that caused Firecracker to allocate more host memory than the guest actually provided, potentially leading to excessive host memory consumption.
  • #5818: Enforce the virtio device initialization sequence in the PCI transport, matching the existing MMIO transport behavior. The PCI transport now validates device status transitions, rejects queue configuration writes outside the FEATURES_OK to DRIVER_OK window, rejects feature negotiation outside the DRIVER state, blocks re-initialization after a failed reset, and sets DEVICE_NEEDS_RESET when device activation fails. This fixes CVE-2026-5747.
  • #5818: Reject device status writes that clear previously set bits in the MMIO transport, except for reset.
  • #5780: Fixed missing /sys/devices/system/cpu/cpu*/cache/* in aarch64 guests when running on host kernels >= 6.3 with guest kernels >= 6.1.156.
  • #5793: Fixed virtio-mem plug/unplug skipping KVM slot updates for memory blocks not aligned to a slot boundary. On plug, this could leave hotplugged memory inaccessible to the guest. On unplug, the guest could retain access to memory that Firecracker considered freed.
  • #5794: Bound balloon statistics descriptor length to prevent a guest-controlled oversized descriptor from temporarily stalling the VMM event loop. Only affects microVMs with stats_polling_interval_s > 0.
  • #5809: Fixed a bug on host Linux >= 5.16 for x86_64 guests using the kvm-clock clock source that caused the monotonic clock to jump on restore by the wall-clock time elapsed since the snapshot was taken. Users of kvm-clock who want to explicitly advance the clock with KVM_CLOCK_REALTIME can opt back in using the new clock_realtime flag in the LoadSnapshot API.

Firecracker v1.14.4

07 Apr 23:10


Fixed

  • #5762: Cap virtio-rng per-request entropy to 64 KiB. Previously, a guest could construct a descriptor chain that caused Firecracker to allocate more host memory than the guest actually provided, potentially leading to excessive host memory consumption.
  • #5818: Enforce the virtio device initialization sequence in the PCI transport, matching the existing MMIO transport behavior. The PCI transport now validates device status transitions, rejects queue configuration writes outside the FEATURES_OK to DRIVER_OK window, rejects feature negotiation outside the DRIVER state, blocks re-initialization after a failed reset, and sets DEVICE_NEEDS_RESET when device activation fails. This fixes CVE-2026-5747.
  • #5818: Reject device status writes that clear previously set bits in the MMIO transport, except for reset.
  • #5780: Fixed missing /sys/devices/system/cpu/cpu*/cache/* in aarch64 guests when running on host kernels >= 6.3 with guest kernels >= 6.1.156.
  • #5793: Fixed virtio-mem plug/unplug skipping KVM slot updates for memory blocks not aligned to a slot boundary. On plug, this could leave hotplugged memory inaccessible to the guest. On unplug, the guest could retain access to memory that Firecracker considered freed.
  • #5794: Bound balloon statistics descriptor length to prevent a guest-controlled oversized descriptor from temporarily stalling the VMM event loop. Only affects microVMs with stats_polling_interval_s > 0.
  • #5809: Fixed a bug on host Linux >= 5.16 for x86_64 guests using the kvm-clock clock source that caused the monotonic clock to jump on restore by the wall-clock time elapsed since the snapshot was taken. Users of kvm-clock who want to explicitly advance the clock with KVM_CLOCK_REALTIME can opt back in using the new clock_realtime flag in the LoadSnapshot API.

Firecracker v1.14.3

13 Mar 16:33


Fixed

  • #5739: Fixed validation of TCP SYN options length when MMDS is enabled.

Firecracker v1.15.0

09 Mar 17:40


Added

  • #5510, #5593, #5564: Add support for the VMClock device. The implementation supports the snapshot safety features proposed here, but does not currently provide any clock-specific information to help the guest synchronize its clocks. More information can be found in the docs.
  • #5574, #5671, #5674, #5690: Added Intel Granite Rapids as a supported and tested platform for Firecracker on 6.1 host kernel versions.

Changed

  • #5564, which added support for VMClock, uses one extra GSI for the VMClock device itself, reducing the GSIs available for VirtIO devices. The new maximum is 92 devices on aarch64 and 17 devices on x86.
  • #5631: Update binary copy process inside Jailer to disallow symlinks and hardlinks at the destination path and change ownership of the copied binary to the specified uid/gid.

Fixed

  • #5698: Fixed a possible ENXIO error that could occur when opening a file if the underlying file is a FIFO with no readers attached.
  • #5688: Fixed vsock local port reuse across snapshot restore by saving the last used local port in the snapshot; existing snapshots need to be regenerated.
  • #5705: Fixed a bug that caused Firecracker to corrupt the memory files of differential snapshots for VMs with multiple memory slots. This affected VMs using memory hot-plugging or any x86 VMs with a memory size larger than 3GiB.
  • #5739: Fixed validation of TCP SYN options length when MMDS is enabled.

Firecracker v1.14.2

27 Feb 16:29


Fixed

  • #5698: Fixed a possible ENXIO error that could occur when opening a file if the underlying file is a FIFO with no readers attached.
  • #5705: Fixed a bug that caused Firecracker to corrupt the memory files of differential snapshots for VMs with multiple memory slots. This affected VMs using memory hot-plugging or any x86 VMs with a memory size larger than 3GiB.

Firecracker v1.14.1

20 Jan 10:54


Changed

  • #5631: Update binary copy process inside Jailer to disallow symlinks and hardlinks at the destination path and change ownership of the copied binary to the specified uid/gid.

Firecracker v1.13.2

20 Jan 10:54


Changed

  • #5631: Update binary copy process inside Jailer to disallow symlinks and hardlinks at the destination path and change ownership of the copied binary to the specified uid/gid.

Firecracker v1.14.0

17 Dec 18:58


Added

  • #5350: Added a /serial endpoint, which allows setting serial_out_path to the path of a pre-created file into which Firecracker should redirect output from the guest's serial console. Not configuring it means Firecracker will continue to print serial output to stdout. Similarly to the logger, this configuration is not persisted across snapshots.
  • #5463: Added support for virtio-pmem devices. See documentation for more information.
  • #5534: Added support for memory hot-plugging through the virtio-mem device. See documentation for more information.
  • #5491: Added support for virtio-balloon free page reporting and hinting. Free page reporting is a developer preview feature and is not intended for production use. See documentation for more information.

Changed

  • #4028: Firecracker now creates the log and metrics files if they do not exist, simplifying the launch of Firecracker by removing a manual step.
  • #5516: Balloon stats now supports guest kernel >= 6.12, adding metrics on guest OOM kills, memory allocation stalls, and memory scan/reclaim info.
  • #5526: Specify the IA32_MTRRdefType MSR on VM boot so that the guest can set page attributes for memory regions.

Removed

  • #5439: Removed the rx_partial_writes, tx_partial_reads, sync_response_fails, sync_vmm_send_timeout_count, deprecated_cmd_line_api_calls, log_fails and device_events metrics, as they were never incremented.

Fixed

  • #5418: Fixed a typo in the Swagger definition of MmdsConfig, where the property imds_compat was spelled as imds_comat. This caused auto-generated clients to create bad requests.
  • #5447: Fixed Intel AMX enabling for kernels that support dynamic XSTATE features for userspace applications but not for KVM guests (e.g. kernel versions >= 5.16 and < 5.17).
  • #5485: Fixed a bug causing a read/write from an iovec to be duplicated when receiving an error on an iovec other than the first. This caused a data corruption issue in the vsock device starting from guest kernel 6.17.
  • #5494: Fixed a watchdog soft lockup bug on microVMs restored from snapshots by calling KVM_KVMCLOCK_CTRL ioctl before resuming.
  • #5538: Fixed a cache coherency issue on non-FWB aarch64 platforms by adding dma-coherent property to virtio-mmio nodes in the FDT.

Firecracker v1.13.1

01 Sep 15:58


Fixed

  • #5418: Fixed a typo in the Swagger definition of MmdsConfig, where the property imds_compat was spelled as imds_comat. This caused auto-generated clients to create bad requests.