Fabre

#1139176 golang-github-cilium-ebpf: CVE-2026-10722 #1139176

Package:: src:golang-github-cilium-ebpf

Source:: src:golang-github-cilium-ebpf

Submitter:: Salvatore Bonaccorso

Date:: 2026-06-11 17:37:06 UTC

Severity:: normal

Tags:

#1139176#5

Date:: 2026-06-06 19:24:11 UTC

From:

To:

Hi,

The following vulnerability was published for golang-github-cilium-ebpf.

CVE-2026-10722[0]:
| A vulnerability has been found in cilium ebpf up to 0.21.0. This
| affects the function loadRawSpec of the file btf/btf.go of the
| component LoadCollectionSpec/LoadCollectionSpecFromReader. Such
| manipulation of the argument offset leads to integer overflow. The
| attack can only be performed from a local environment. The exploit
| has been disclosed to the public and may be used. The name of the
| patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be
| applied to remediate this issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-10722
https://www.cve.org/CVERecord?id=CVE-2026-10722
[1] https://github.com/cilium/ebpf/issues/2019
[2] https://github.com/cilium/ebpf/pull/2021
[3] https://github.com/cilium/ebpf/commit/533dfc82fd228bfadf42ea7180c39de7d9af47fa

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#1139176 golang-github-cilium-ebpf: CVE-2026-10722 #1139176

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)