eBPF
An integer overflow in the cilium/ebpf Go library (versions up to 0.21.0) allows a local authenticated user to cause an availability impact by supplying crafted BPF Type Format (BTF) data to the LoadCollectionSpec or LoadCollectionSpecFromReader APIs. The flaw resides in the loadRawSpec function, where arithmetic on 32-bit header fields was performed using signed int types, so an overflow could bypass the bounds checks on the StringOff, StringLen, TypeOff, and TypeLen fields. The vulnerability had no KEV listing at the time of analysis, though publicly available exploit code exists per VulDB, and the CVSS temporal component E:P confirms a proof-of-concept is circulating.
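The bug class described above, as an added example that is not code from cilium/ebpf: a bounds check whose offset-plus-length sum is computed in a signed 32-bit type, next to a version that widens to uint64 first. The `header` struct, the function names, and the use of `int32` to model the signed arithmetic are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// header is a hypothetical stand-in holding the four fields the advisory names.
type header struct {
	TypeOff, TypeLen, StringOff, StringLen uint32
}

var errBounds = errors.New("section exceeds input size")

// checkSigned32 models the flawed pattern: the sum is computed in a signed
// 32-bit type, so a large offset wraps negative and passes the comparison.
func checkSigned32(off, length uint32, size int64) error {
	end := int32(off) + int32(length) // wraps on overflow
	if int64(end) > size {
		return errBounds
	}
	return nil
}

// checkWidened does the same arithmetic in uint64, where the sum of two
// uint32 values cannot overflow, and compares against the real input size.
func checkWidened(off, length uint32, size int64) error {
	if size < 0 || uint64(off)+uint64(length) > uint64(size) {
		return errBounds
	}
	return nil
}

// validate applies one bounds check to both the type and string sections.
func validate(h header, size int64, check func(uint32, uint32, int64) error) error {
	if err := check(h.TypeOff, h.TypeLen, size); err != nil {
		return fmt.Errorf("types: %w", err)
	}
	if err := check(h.StringOff, h.StringLen, size); err != nil {
		return fmt.Errorf("strings: %w", err)
	}
	return nil
}

func main() {
	// Constructed header values for a 64-byte input; not taken from any real file.
	bad := header{TypeOff: 0, TypeLen: 16, StringOff: 0x7fffffff, StringLen: 1}
	fmt.Println("signed32:", validate(bad, 64, checkSigned32))
	fmt.Println("widened: ", validate(bad, 64, checkWidened))
}
```

A parser that accepts the first result would go on to slice its input with an out-of-range offset, which in Go ends in a panic, consistent with the availability impact the advisory states.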