CVE-2026-10722

Publication date 3 June 2026

Last updated 18 June 2026

Ubuntu priority

Cvss 3 Severity Score

Description

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
golang-github-cilium-ebpf	26.04 LTS resolute	Needs evaluation
	25.10 questing	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation

Severity score breakdown

CVSS version:

Base score 1.9 · Low

Base metrics

Parameter	Value
Attack vector	Local
Attack complexity	Low
Attack requirements	None
Privileges required	Low
User interaction	None
Vulnerable system - Confidentiality impact	None
Vulnerable system - Integrity impact	None
Vulnerable system - Availability impact	Low
Subsequent system - Confidentiality impact	None
Subsequent system - Integrity impact	None
Subsequent system - Availability impact	None

Scores

Parameter	Value
Base score	1.9 · Low
Base + Threat score	-
Base + Environmental score	-
Base + Threat + Environmental score	-

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Base score 3.3 · Low