CVE-2026-45683
EUVD-2026-3395602.06.2026, 16:16
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_probe_read instead of bpf_probe_read_user. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. This issue has been patched in version 0.9.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| opentelemetry | ebpf_instrumentation | 𝑥 < 0.9.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References