GHSA-F2R5-5M7W-P5CX
Vulnerability from github – Published: 2026-06-23 22:16 – Updated: 2026-06-23 22:16
VLAI
Summary
opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent
Details
Summary
An unprivileged process can easily trigger the processPIDEvents goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the openat2 syscall forever and the profiler can no longer work properly, it is a denial of service.
Impact
The impact is limited to denial-of-service on the ebpf-profiler agent: - There has to be a malicious workload albeit unprivileged. - No exfiltration of data. No loss of data.
Fix
Fixed in https://github.com/open-telemetry/opentelemetry-ebpf-profiler/commit/234b685cab31c2cb2f79e966caeab168bcc489e4.
Fix is part of v.0.0.202622.
Severity
6.2 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "go.opentelemetry.io/ebpf-profiler"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.202527"
},
{
"fixed": "0.0.202622"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48496"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-23T22:16:14Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nAn unprivileged process can easily trigger the `processPIDEvents` goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the `openat2` syscall forever and the profiler can no longer work properly, it is a denial of service.\n\n### Impact\n\nThe impact is limited to denial-of-service on the ebpf-profiler agent:\n- There has to be a malicious workload albeit unprivileged.\n- No exfiltration of data. No loss of data.\n\n### Fix\n\nFixed in https://github.com/open-telemetry/opentelemetry-ebpf-profiler/commit/234b685cab31c2cb2f79e966caeab168bcc489e4.\n\nFix is part of [v.0.0.202622](https://github.com/open-telemetry/opentelemetry-ebpf-profiler/releases/tag/v0.0.202622).",
"id": "GHSA-f2r5-5m7w-p5cx",
"modified": "2026-06-23T22:16:14Z",
"published": "2026-06-23T22:16:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-profiler/security/advisories/GHSA-f2r5-5m7w-p5cx"
},
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-profiler/commit/234b685cab31c2cb2f79e966caeab168bcc489e4"
},
{
"type": "PACKAGE",
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-profiler"
},
{
"type": "WEB",
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-profiler/releases/tag/v0.0.202622"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…