CVE-2026-10722

Exploit

EPSS 0.18%
Veröffentlicht 03.06.2026 10:45:10
Zuletzt bearbeitet 10.06.2026 18:28:32
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 1 Referenzen 12

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cilium ≫ Ebpf SwPlatformgo Version <= 0.21.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.075

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com	1.9	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://vuldb.com/vuln/368091

Third Party Advisory

VDB Entry

https://vuldb.com/vuln/368091/cti

VDB Entry

Permissions Required

https://vuldb.com/cve/CVE-2026-10722

Third Party Advisory

VDB Entry

https://vuldb.com/submit/818291

Third Party Advisory

VDB Entry

https://github.com/cilium/ebpf/issues/2019

Issue Tracking

https://github.com/cilium/ebpf/pull/2021

Patch

Issue Tracking

https://gist.github.com/thesmartshadow/256bff0f8042c584f993ace89074a815

Third Party Advisory

Exploit

Issue Tracking

Mitigation

https://github.com/cilium/ebpf/commit/533dfc82fd228bfadf42ea7180c39de7d9af47fa

Patch

https://github.com/cilium/ebpf/

Product

https://nvd.nist.gov/vuln/detail/CVE-2026-10722

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-10722

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-10722

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-10722