3.3 CVE-2026-10722

Enriched by CISA Patch Exploit
 

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.
https://nvd.nist.gov/vuln/detail/CVE-2026-10722

Categories

CWE-189

References


 

AFFECTED (from MITRE)


Vendor Product Versions
cilium ebpf
  • 0.1 [affected]
  • 0.2 [affected]
  • 0.3 [affected]
  • 0.4 [affected]
  • 0.5 [affected]
  • 0.6 [affected]
  • 0.7 [affected]
  • 0.8 [affected]
  • 0.9 [affected]
  • 0.10 [affected]
  • 0.11 [affected]
  • 0.12 [affected]
  • 0.13 [affected]
  • 0.14 [affected]
  • 0.15 [affected]
  • 0.16 [affected]
  • 0.17 [affected]
  • 0.18 [affected]
  • 0.19 [affected]
  • 0.20 [affected]
  • 0.21.0 [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
cpe:2.3:a:cilium:ebpf:*:*:*:*:*:go:*:* <= 0.21.0


REMEDIATION


Patch

Url
https://github.com/cilium/ebpf/commit/533dfc82fd228bfadf42ea7180c39de7d9af47fa
https://github.com/cilium/ebpf/pull/2021


EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
https://gist.github.com/thesmartshadow/256bff0f8042c584f993ace89074a815


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry