Description
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_probe_read instead of bpf_probe_read_user. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. This issue has been patched in version 0.9.0.
Published: 2026-06-02
Score: 3.8 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Java TLS ioctl probe of OpenTelemetry eBPF Instrumentation, where user-controlled ioctl pointers are read with bpf_probe_read instead of the safer bpf_probe_read_user. When an instrumented local process supplies a pointer that references kernel memory, that memory is copied into telemetry data, leading to the disclosure of sensitive kernel contents and a confidentiality compromise of the host.

Affected Systems

OpenTelemetry eBPF Instrumentation is affected across all releases before version 0.9.0. The issue is fixed in release 0.9.0 and later.

Risk and Exploitability

The CVSS score of 3.8 indicates a low overall severity, reflecting that the flaw requires a local instrumented process with control over the Java TLS ioctl probe to trigger the memory disclosure. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited public exploitation. Attackers need local, privileged access to the instrumentation process to supply the controlled pointer; without this, the risk remains low.

Generated by OpenCVE AI on June 2, 2026 at 16:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenTelemetry eBPF Instrumentation to version 0.9.0 or later, where the probe has been corrected.
  • If an upgrade cannot be performed immediately, disable the Java TLS ioctl kprobe to prevent local processes from providing controlled pointers.
  • Ensure that all instrumentation processes run with the least privilege necessary and that kernel memory reads are not exposed outside the host environment.

Generated by OpenCVE AI on June 2, 2026 at 16:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-fjq3-ffvr-vm46 OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure
History

Tue, 02 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Opentelemetry
Opentelemetry opentelemetry-ebpf-instrumentation
Vendors & Products Opentelemetry
Opentelemetry opentelemetry-ebpf-instrumentation

Tue, 02 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_probe_read instead of bpf_probe_read_user. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. This issue has been patched in version 0.9.0.
Title OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure
Weaknesses CWE-127
CWE-200
References
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N'}

Subscriptions

Opentelemetry Opentelemetry-ebpf-instrumentation
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-02T15:25:11.881Z

Reserved: 2026-05-12T21:59:25.667Z

Link: CVE-2026-45683

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-02T16:16:43.047

Modified: 2026-06-02T17:14:05.363

Link: CVE-2026-45683

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T16:45:13Z

Weaknesses