opentelemetry-ebpf-profiler CVE-2026-48496
MEDIUMSeverity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AV:L confirmed by co-located process requirement; PR:N because unprivileged workload suffices; A:H for permanent, unrecoverable goroutine block; C/I remain N as no data access or modification occurs.
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
Summary
An unprivileged process can easily trigger the processPIDEvents goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the openat2 syscall forever and the profiler can no longer work properly, it is a denial of service.
Impact
The impact is limited to denial-of-service on the ebpf-profiler agent:
- There has to be a malicious workload albeit unprivileged.
- No exfiltration of data. No loss of data.
Fix
Fixed in https://github.com/open-telemetry/opentelemetry-ebpf-profiler/commit/234b685cab31c2cb2f79e966caeab168bcc489e4.
Fix is part of v.0.0.202622.
AnalysisAI
Permanent denial of service in opentelemetry-ebpf-profiler versions 0.0.202527 through 0.0.202621 allows any unprivileged co-located process to halt the agent's ELF analysis goroutine by placing a FIFO or special file at a path the profiler will attempt to open via openat2. Once blocked, the processPIDEvents goroutine never recovers, rendering the profiling agent inoperable for the lifetime of the process. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a process running on the same Linux host as the opentelemetry-ebpf-profiler agent (local attack vector, AV:L per CVSS). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.2 score (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) is well-calibrated for this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An untrusted container workload on a Kubernetes node creates a named FIFO at a filesystem path within its own process namespace that the ebpf-profiler agent will subsequently resolve when analyzing that process's ELF mappings. When the profiler's processPIDEvents goroutine calls openat2 on the FIFO path, the Linux kernel blocks the syscall indefinitely awaiting a peer reader, permanently stalling the goroutine. … |
| Remediation | Upgrade to opentelemetry-ebpf-profiler version 0.0.202622 or later, which contains the fix at commit 234b685cab31c2cb2f79e966caeab168bcc489e4 (https://github.com/open-telemetry/opentelemetry-ebpf-profiler/commit/234b685cab31c2cb2f79e966caeab168bcc489e4); the patched release is available at https://github.com/open-telemetry/opentelemetry-ebpf-profiler/releases/tag/v0.0.202622. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: Moderate| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Affected |
| SUSE Linux Enterprise Server 15 SP7 | Affected |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Server 16.1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Affected |
| openSUSE Leap 16.0 | Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Affected |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Affected |
| openSUSE Leap 15.5 | Affected |
| openSUSE Leap 15.6 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-f2r5-5m7w-p5cx