CVE-2026-10722
Public on 2026-06-03
Modified on 2026-06-09
Description
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Docker Extra | containerd | Pending Fix | ||
| Amazon Linux 2023 | containerd | Pending Fix | ||
| Amazon Linux 2 - Docker Extra | docker | Pending Fix | ||
| Amazon Linux 2023 | docker | Pending Fix | ||
| Amazon Linux 2 - Core | nerdctl | Pending Fix | ||
| Amazon Linux 2023 | nerdctl | Pending Fix | ||
| Amazon Linux 2 - Docker Extra | runfinch-finch | Pending Fix | ||
| Amazon Linux 2023 | runfinch-finch | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| NVD | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |