Skip to main content

opentelemetry-ebpf-profiler CVE-2026-48496

MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-06-23 https://github.com/open-telemetry/opentelemetry-ebpf-profiler GHSA-f2r5-5m7w-p5cx
6.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.2 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
6.2 MEDIUM

AV:L confirmed by co-located process requirement; PR:N because unprivileged workload suffices; A:H for permanent, unrecoverable goroutine block; C/I remain N as no data access or modification occurs.

3.1 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 23, 2026 - 23:01 vuln.today
Analysis Generated
Jun 23, 2026 - 23:01 vuln.today

DescriptionGitHub Advisory

Summary

An unprivileged process can easily trigger the processPIDEvents goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the openat2 syscall forever and the profiler can no longer work properly, it is a denial of service.

Impact

The impact is limited to denial-of-service on the ebpf-profiler agent:

  • There has to be a malicious workload albeit unprivileged.
  • No exfiltration of data. No loss of data.

Fix

Fixed in https://github.com/open-telemetry/opentelemetry-ebpf-profiler/commit/234b685cab31c2cb2f79e966caeab168bcc489e4.

Fix is part of v.0.0.202622.

AnalysisAI

Permanent denial of service in opentelemetry-ebpf-profiler versions 0.0.202527 through 0.0.202621 allows any unprivileged co-located process to halt the agent's ELF analysis goroutine by placing a FIFO or special file at a path the profiler will attempt to open via openat2. Once blocked, the processPIDEvents goroutine never recovers, rendering the profiling agent inoperable for the lifetime of the process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain unprivileged local process execution on profiler host
Delivery
Create FIFO at ELF mapping path in process namespace
Exploit
Profiler goroutine resolves path and calls openat2 on FIFO
Execution
Kernel blocks goroutine indefinitely awaiting FIFO peer
Persist
ELF analysis halted permanently
Impact
Profiler agent DoS

Vulnerability AssessmentAI

Exploitation Exploitation requires a process running on the same Linux host as the opentelemetry-ebpf-profiler agent (local attack vector, AV:L per CVSS). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 6.2 score (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) is well-calibrated for this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An untrusted container workload on a Kubernetes node creates a named FIFO at a filesystem path within its own process namespace that the ebpf-profiler agent will subsequently resolve when analyzing that process's ELF mappings. When the profiler's processPIDEvents goroutine calls openat2 on the FIFO path, the Linux kernel blocks the syscall indefinitely awaiting a peer reader, permanently stalling the goroutine. …
Remediation Upgrade to opentelemetry-ebpf-profiler version 0.0.202622 or later, which contains the fix at commit 234b685cab31c2cb2f79e966caeab168bcc489e4 (https://github.com/open-telemetry/opentelemetry-ebpf-profiler/commit/234b685cab31c2cb2f79e966caeab168bcc489e4); the patched release is available at https://github.com/open-telemetry/opentelemetry-ebpf-profiler/releases/tag/v0.0.202622. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Server 15 SP7 Affected
SUSE Linux Enterprise Server 16.0 Affected

Share

CVE-2026-48496 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy