CVE-2026-10722
Received - Intake
Integer Overflow in Cilium eBPF up to 0.21.0

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: VulDB

Description
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.
Meta Information
Published: 2026-06-03
Last Modified: 2026-06-03
Generated: 2026-06-03
AI Q&A: 2026-06-03
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: cilium
Product: ebpf
Version / Range: to 0.21.0 (inc)
CWE
CWE-190: The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-189
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-10722 is a vulnerability in the cilium/ebpf library related to the BPF Type Format (BTF) string-table offset validation. The parser incorrectly accepts a non-zero string offset equal to the string length as valid, which leads it to perform an invalid slice operation. This causes a Go panic due to out-of-bounds slice access when the parser searches for a NUL byte in an empty slice. The root cause is a boundary check flaw in the BTF string offset parsing logic, affecting multiple string-offset consumers in the BTF and .BTF.ext parsers.

The vulnerability can be triggered by processing malformed ELF/BTF input, causing the parser to crash instead of returning a parse error. This flaw leads to denial of service by crashing processes that parse less-trusted eBPF ELF/BTF artifacts.
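The boundary condition described above, as an added Go example that is not code from this page or from the cilium/ebpf project: a simplified string-table lookup with the loose check beside a strict one. The names lookupLoose, lookupStrict, guard and the sample table are hypothetical and constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// Constructed string table: offset 0 is the empty string, offset 1 is "int".
var strtab = []byte("\x00int\x00")

// lookupLoose models the flawed check: an offset equal to len(tab) is accepted.
func lookupLoose(tab []byte, off uint32) (string, error) {
	if uint64(off) > uint64(len(tab)) { // off == len(tab) slips through
		return "", fmt.Errorf("string offset %d out of bounds", off)
	}
	rest := tab[off:]               // empty slice when off == len(tab)
	end := bytes.IndexByte(rest, 0) // -1: no NUL byte in an empty slice
	return string(rest[:end]), nil  // rest[:-1] panics at run time
}

// lookupStrict rejects off >= len(tab) and unterminated strings with an error.
func lookupStrict(tab []byte, off uint32) (string, error) {
	if uint64(off) >= uint64(len(tab)) {
		return "", fmt.Errorf("string offset %d out of bounds (table is %d bytes)", off, len(tab))
	}
	rest := tab[off:]
	end := bytes.IndexByte(rest, 0)
	if end < 0 {
		return "", fmt.Errorf("string at offset %d is not NUL-terminated", off)
	}
	return string(rest[:end]), nil
}

// guard runs a lookup and reports a panic as an error instead of crashing.
func guard(f func([]byte, uint32) (string, error), tab []byte, off uint32) (s string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("parser panic: %v", r)
		}
	}()
	return f(tab, off)
}

func main() {
	off := uint32(len(strtab)) // non-zero offset equal to the table length
	_, err := guard(lookupLoose, strtab, off)
	fmt.Println("loose: ", err)
	_, err = guard(lookupStrict, strtab, off)
	fmt.Println("strict:", err)
}
```

Both functions return "int" for offset 1; they differ only at the boundary, where the strict version yields a parse error and the loose one panics.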


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in cilium/ebpf (CVE-2026-10722) causes a denial of service through a parser panic when processing malformed BTF string-table references. It does not lead to remote code execution, memory corruption, privilege escalation, or data leakage.

Since the vulnerability only results in denial of service and requires local access to exploit, it does not directly expose sensitive data or compromise confidentiality, integrity, or availability in a way that would typically violate standards like GDPR or HIPAA.

However, denial of service conditions could impact system availability, which is a consideration under these regulations. Organizations relying on cilium/ebpf for critical processing should apply the patch to maintain system stability and compliance with availability requirements.


How can this vulnerability impact me?

This vulnerability can cause denial of service (DoS) by crashing processes that parse eBPF ELF/BTF artifacts. Specifically, long-running artifact scanners or continuous integration (CI) style parser workers that handle less-trusted or malformed eBPF files may be forced to stop or restart due to parser panics.

The attack requires local access to the environment where the vulnerable parser runs, as it cannot be exploited remotely. The impact does not include remote code execution, memory corruption, privilege escalation, or kernel-level compromise.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as a denial of service caused by a panic in the cilium/ebpf library when parsing malformed BTF (BPF Type Format) string-table offsets. Detection involves identifying processes that parse eBPF ELF/BTF artifacts and monitoring for crashes or panics related to BTF parsing.

Since the attack can only be performed locally and triggers a Go panic due to invalid slice operations, detection can focus on monitoring logs or process crashes of applications using the cilium/ebpf library, especially those handling untrusted eBPF artifacts.

No specific detection commands are provided in the available resources. However, general approaches include:

  • Monitoring logs for Go panics or crashes related to BTF parsing.
  • Using debugging or tracing tools (e.g., strace, gdb) on processes that load or parse eBPF programs to detect abnormal termination.
  • Checking for usage of vulnerable versions of the cilium/ebpf library (up to 0.21.0) in your environment.
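One way to carry out the version check in the last bullet, as an added Go example that is not from this page or the cilium/ebpf project: it scans the text output of `go version -m <binary>`, `go list -m all`, or a go.mod file for github.com/cilium/ebpf at or below 0.21.0. The function names and the sample input are constructed; the version in the second sample binary is a made-up number outside the listed range, not a statement about which release carries the fix.

```go
package main

import (
	"fmt"
	"strings"
)

const module = "github.com/cilium/ebpf"

// Constructed sample of `go version -m` output for two hypothetical binaries.
const sample = `./scanner: go1.24.1
    path    example.com/scanner
    dep     github.com/cilium/ebpf  v0.21.0  h1:constructed=
./agent: go1.24.1
    dep     github.com/cilium/ebpf  v0.99.0  h1:constructed=
`

// affected reports whether v is at or below 0.21.0, the range listed on this
// page. A pseudo-version built from a commit after the v0.21.0 tag is not
// flagged, even if that commit predates the patch.
func affected(v string) (bool, error) {
	var ma, mi, pa int
	if _, err := fmt.Sscanf(v, "v%d.%d.%d", &ma, &mi, &pa); err != nil {
		return false, fmt.Errorf("unparseable version %q: %w", v, err)
	}
	return ma == 0 && (mi < 21 || (mi == 21 && pa == 0)), nil
}

// findAffected returns every cilium/ebpf version in text that is in the
// affected range, plus any token it cannot parse (for manual review).
func findAffected(text string) []string {
	var hits []string
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		for i := 0; i+1 < len(f); i++ {
			if f[i] != module {
				continue
			}
			if bad, err := affected(f[i+1]); err != nil || bad {
				hits = append(hits, f[i+1])
			}
		}
	}
	return hits
}

func main() {
	fmt.Println("affected cilium/ebpf versions found:", findAffected(sample))
}
```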

What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to apply the security patch that fixes the integer overflow and boundary check issues in the cilium/ebpf library.

Specifically, update the cilium/ebpf library to a version that includes the patch identified by commit 533dfc82fd228bfadf42ea7180c39de7d9af47fa, which was merged on May 27, 2026.

This patch adds proper boundary checks to prevent out-of-bounds reads and integer overflows during BTF parsing, eliminating the panic conditions.

Additionally, since the attack requires local access, restrict local user permissions and limit access to systems running vulnerable versions of the library.

Avoid processing untrusted or malformed eBPF ELF/BTF artifacts until the patch is applied.

