cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow_CVE-2026-10722

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.

Basic Information

ID CVE-2026-10722

Source VulDB

Published Jun 3, 2026 at 10:45

Affected Product

Vendor cilium

Product ebpf

Version 0.1

Affected Versions cilium ebpf 0.1
cilium ebpf 0.2
cilium ebpf 0.3
cilium ebpf 0.4
cilium ebpf 0.5
cilium ebpf 0.6
cilium ebpf 0.7
cilium ebpf 0.8
cilium ebpf 0.9
cilium ebpf 0.10
cilium ebpf 0.11
cilium ebpf 0.12
cilium ebpf 0.13
cilium ebpf 0.14
cilium ebpf 0.15
cilium ebpf 0.16
cilium ebpf 0.17
cilium ebpf 0.18
cilium ebpf 0.19
cilium ebpf 0.20
cilium ebpf 0.21.0

CWE Classification

CWE-190 CWE-189

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.",
    "published": "2026-06-03T10:45:10.269Z",
    "modified": "2026-06-03T10:45:10.269Z",
    "type": "cve",
    "title": "cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/368091\nhttps://vuldb.com/vuln/368091/cti\nhttps://vuldb.com/cve/CVE-2026-10722\nhttps://vuldb.com/submit/818291\nhttps://github.com/cilium/ebpf/issues/2019\nhttps://github.com/cilium/ebpf/pull/2021\nhttps://gist.github.com/thesmartshadow/256bff0f8042c584f993ace89074a815\nhttps://github.com/cilium/ebpf/commit/533dfc82fd228bfadf42ea7180c39de7d9af47fa\nhttps://github.com/cilium/ebpf/",
    "id": "CVE-2026-10722",
    "bulletinFamily": "",
    "cwe": [
        "CWE-190",
        "CWE-189"
    ],
    "cvelist": null,
    "sourceData": "cilium ebpf 0.1\ncilium ebpf 0.2\ncilium ebpf 0.3\ncilium ebpf 0.4\ncilium ebpf 0.5\ncilium ebpf 0.6\ncilium ebpf 0.7\ncilium ebpf 0.8\ncilium ebpf 0.9\ncilium ebpf 0.10\ncilium ebpf 0.11\ncilium ebpf 0.12\ncilium ebpf 0.13\ncilium ebpf 0.14\ncilium ebpf 0.15\ncilium ebpf 0.16\ncilium ebpf 0.17\ncilium ebpf 0.18\ncilium ebpf 0.19\ncilium ebpf 0.20\ncilium ebpf 0.21.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ebpf",
    "version": "0.1",
    "vendor": "cilium",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}