Description
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.
Published: 2026-06-03
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an integer overflow in the loadRawSpec function of the cilium/ebpf library (up to version 0.21.0). The overflow occurs when parsing BTF specifications and can only be triggered from a local environment. The overflow may lead to undefined behavior, including memory corruption or application crashes, but there is no documented remote code execution or privilege escalation.

Affected Systems

The cilium:ebpf component of Cilium is affected, specifically all releases up to and including version 0.21.0. The vulnerability resides in the file btf/btf.go of the LoadCollectionSpec/LoadCollectionSpecFromReader functions.

Risk and Exploitability

The CVSS score is 4.8, indicating a low severity. EPSS is not available and the vulnerability is not listed in CISA KEV, suggesting low likelihood of exploitation in the wild. Because the attack can only be performed locally, the risk is confined to systems that process untrusted BTF specifications on the local machine. However, local attackers could induce application crashes or potentially corrupt memory, which may be a stepping stone to more serious issues in some contexts.

Generated by OpenCVE AI on June 3, 2026 at 15:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch corresponding to commit 533dfc82fd228bfadf42ea7180c39de7d9af47fa to the cilium/ebpf repository.
  • Upgrade cilium/ebpf to a release newer than 0.21.0 that contains the fix.
  • Restrict or carefully validate any local code that loads BTF specifications to prevent malformed inputs from triggering the overflow.

Generated by OpenCVE AI on June 3, 2026 at 15:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue. A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.

Wed, 03 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.
Title cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow
First Time appeared Cilium
Cilium ebpf
Weaknesses CWE-189
CWE-190
CPEs cpe:2.3:a:cilium:ebpf:*:*:*:*:*:*:*:*
Vendors & Products Cilium
Cilium ebpf
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Cilium Ebpf
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-03T14:07:17.819Z

Reserved: 2026-06-03T05:17:10.007Z

Link: CVE-2026-10722

cve-icon Vulnrichment

Updated: 2026-06-03T13:13:12.060Z

cve-icon NVD

Status : Received

Published: 2026-06-03T13:16:19.150

Modified: 2026-06-03T14:16:35.370

Link: CVE-2026-10722

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T15:45:36Z

Weaknesses