Inspektor Gadget CVE-2026-44778
LOWSeverity by source
Container code execution required (AV:L, PR:L); specific custom USDT gadget prerequisite raises AC:H; crash of privileged host process is a scope change (S:C) with high availability impact (A:H) and no C/I impact.
Lifecycle Timeline
2DescriptionCVE.org
Summary
A malicious container can crash or destabilize the privileged Inspektor Gadget process when a gadget using USDT probes is deployed. The vulnerability is in the USDT note parser (pkg/uprobetracer/usdt.go) which is invoked when a gadget with a SEC("usdt/...") section attaches to a target binary. An unprivileged process can place a crafted ELF binary at the expected library path, triggering one of two attack vectors:
- Panic (immediate crash): A stapsdt note with a small
DescSizecauses an out-of-bounds slice access, panicking the IG process. - Memory exhaustion (OOM kill): A stapsdt note with a very large
NameSizeorDescSizecauses IG to allocate up to ~4 GiB of memory, which can killnthe process if deployed with memory restrictions (e.g., cgroup limits).
Important: The vulnerability is only triggered when running a gadget that uses USDT probes (i.e., contains a SEC("usdt/...") eBPF section). No gadget shipped by the Inspektor Gadget project uses USDT today. Users who deploy their own custom USDT gadgets are affected.
Severity
Low - Denial of Service (process crash or OOM) of a privileged host process, triggered by an unprivileged container. The vulnerable code path is only reached when a gadget using USDT probes is deployed. No such gadget is shipped by the Inspektor Gadget project; only users running custom USDT gadgets are affected.
- Attack vector: An unprivileged process in a container places a crafted ELF file at a path that a USDT gadget targets (e.g., a library name resolved via the container's ld cache). When the gadget attaches, IG parses the malicious ELF and crashes.
- Impact: The IG process panics and crashes (vector 1) or is OOM-killed (vector 2). This is a DoS against the monitoring infrastructure, not a code execution or privilege escalation vulnerability.
- Affected component:
pkg/uprobetracer/usdt.go, functiongetUsdtInfo() - Prerequisites: A gadget with a
SEC("usdt/...")eBPF section must be running and configured to attach to a library inside the attacker's container.
No shipped gadgets use USDT probes, so this only affects deployments with custom USDT gadgets.
Affected Versions
All versions of Inspektor Gadget that include USDT support in pkg/uprobetracer/usdt.go, starting from v0.28.0 (commit 7ee5e7a90 "pkg/uprobetracer: support USDT trace points").
Root Cause
Vector 1: Out-of-bounds slice access (panic)
In pkg/uprobetracer/usdt.go, the function getUsdtInfo() parses stapsdt notes from an ELF file's .note.stapsdt section. When a matching note is found (name "stapsdt\0" and type 3), it reads three address fields from the note descriptor:
// usdt.go lines 137-139
elfLocation := elfReader.ByteOrder.Uint64(desc[:wordSize])
elfBase := elfReader.ByteOrder.Uint64(desc[wordSize : 2*wordSize])
elfSemaphore := elfReader.ByteOrder.Uint64(desc[2*wordSize : 3*wordSize])For a 64-bit ELF, wordSize = 8, so this requires desc to be at least 24 bytes. However, desc is allocated based on the note's DescSize field from the ELF file:
desc := make([]byte, alignUp(uint64(header.DescSize), 4))A crafted ELF with DescSize = 1 produces a 4-byte desc buffer. The expression desc[:8] then panics with:
panic: runtime error: slice bounds out of range [:8] with capacity 4Vector 2: Unbounded memory allocation (OOM)
The NameSize and DescSize fields from the note header are used directly to allocate memory without any upper bound:
name := make([]byte, alignUp(uint64(header.NameSize), 4))
desc := make([]byte, alignUp(uint64(header.DescSize), 4))A crafted ELF with NameSize = 0xFFFFFFFF would attempt to allocate ~4 GiB of memory. Under cgroup memory limits (common in Kubernetes deployments), this triggers an OOM kill of the IG process.
Vector 3: Missing panic recovery for debug/elf
Go's debug/elf package is not hardened against adversarial inputs and may panic on malformed ELF headers. The cilium/ebpf library addresses this with its SafeELFFile wrapper that uses recover(), but getUsdtInfo() calls elf.NewFile() directly without any panic recovery.
Fix
The fix (3 changes in pkg/uprobetracer/usdt.go):
- Bounds check on descriptor size: Validate
len(desc) >= 3*wordSizebefore accessing the address fields. Reject malformed notes with an error instead of panicking. - Cap allocation sizes: Limit
NameSizeandDescSizeto a reasonable maximum (1 MiB) before allocating memory, preventing DoS via memory exhaustion. There is no standard upper bound for ELF note fields; 1 MiB is a generous arbitrary cap - legitimate USDT notes are typically under 1 KB. - Panic recovery: Wrap
getUsdtInfo()withdefer/recoverto catch any panics fromdebug/elfon malformed input, converting them to errors.
Related
- Go
debug/elfknown issues: https://github.com/golang/go/issues?q=is%3Aissue+is%3Aopen+debug%2Felf+in%3Atitle - cilium/ebpf
SafeELFFilewrapper: https://github.com/cilium/ebpf/blob/main/internal/safeelf.go - usesrecover()around alldebug/elfoperations for exactly this reason.
AnalysisAI
Denial of service in Inspektor Gadget's USDT note parser (pkg/uprobetracer/usdt.go) allows an unprivileged container process to crash or OOM-kill the privileged IG host process by placing a crafted ELF binary at a path targeted by a custom USDT gadget. Two distinct attack vectors exist: a panic from out-of-bounds slice access when DescSize is artificially small, and unbounded memory allocation (~4 GiB) when NameSize or DescSize is set to 0xFFFFFFFF. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two specific non-default conditions to be simultaneously true: (1) a custom USDT gadget containing a SEC("usdt/...") eBPF section must be actively deployed and running - no gadget shipped by Inspektor Gadget uses USDT, making the overwhelming majority of deployments completely unexposed; and (2) the attacker must have unprivileged code execution inside a container whose library paths are targeted by the running USDT gadget, enabling placement of a crafted ELF file at the resolved library path. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No NVD CVSS vector was published for this CVE; the vendor self-rates severity as Low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with unprivileged code execution inside a Kubernetes container creates a crafted ELF binary (e.g., a fake shared library named to match a target like libfoo.so.1) and places it at the path that the running USDT gadget will resolve via the container's ld.so cache. When the Inspektor Gadget process attaches its USDT probes to the container's binary, it calls getUsdtInfo() on the malicious ELF, which either immediately panics due to out-of-bounds slice access (DescSize=1 vector) or triggers an OOM kill by allocating ~4 GiB (DescSize=0xFFFFFFFF vector), crashing the privileged IG monitoring process on the host. … |
| Remediation | Vendor-released patch: v0.53.1. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Kubernetes
View allA critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4
Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass
Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref
String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-7cfq-5mhv-jrp9