Description
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among the other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (>= 5.8), this transfer mechanism is based on ring-buffers. The size of the ring-buffer for the gadgets is hard-coded to 256KB. When a gadget_reserve_buf fails because of insufficient space, the gadget silently cleans up without producing an alert. The lost count reported by the eBPF operator, when using ring-buffers – the modern choice – is hardcoded to zero. The vulnerability can be used by a malicious event source (e.g. a compromised container) to cause a Denial Of Service, forcing the system to drop events coming from other containers (or the same container). This vulnerability is fixed in 0.50.1.
INFO
Published Date :
2026-03-12T17:35:02.129Z
Last Modified :
2026-03-13T16:25:05.936Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2026-31890 vulnerability.
| Vendors | Products |
|---|---|
| Inspektor-gadget |
|
| Linuxfoundation |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31890.
