opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent
Moderate severity
GitHub Reviewed
Published
Jun 3, 2026
in
open-telemetry/opentelemetry-ebpf-profiler
Package
Affected versions
>= 0.0.202527, < 0.0.202622
Patched versions
0.0.202622
Description
Published to the GitHub Advisory Database
Jun 23, 2026
Reviewed
Jun 23, 2026
Summary
An unprivileged process can easily trigger the
processPIDEventsgoroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in theopenat2syscall forever and the profiler can no longer work properly, it is a denial of service.Impact
The impact is limited to denial-of-service on the ebpf-profiler agent:
Fix
Fixed in open-telemetry/opentelemetry-ebpf-profiler@234b685.
Fix is part of v.0.0.202622.
References