Source: golang-github-cilium-ebpf
Version: 0.17.3+ds1-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/cilium/ebpf/issues/2019
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for golang-github-cilium-ebpf.

CVE-2026-10722[0]:
| A vulnerability has been found in cilium ebpf up to 0.21.0. This
| affects the function loadRawSpec of the file btf/btf.go of the
| component LoadCollectionSpec/LoadCollectionSpecFromReader. Such
| manipulation of the argument offset leads to integer overflow. The
| attack can only be performed from a local environment. The exploit
| has been disclosed to the public and may be used. The name of the
| patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be
| applied to remediate this issue.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-10722
    https://www.cve.org/CVERecord?id=CVE-2026-10722
[1] https://github.com/cilium/ebpf/issues/2019
[2] https://github.com/cilium/ebpf/pull/2021
[3] https://github.com/cilium/ebpf/commit/533dfc82fd228bfadf42ea7180c39de7d9af47fa

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

