Git · Inspektor-Gadget · CVE-2026-31890
**Name of the Vulnerable Software and Affected Versions**
Inspektor Gadget versions prior to 0.50.1
**Description**
Inspektor Gadget is a framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to version 0.50.1, if a gadget’s ring-buffer is full, either accidentally or maliciously, the gadget silently drops events. The `gadget_reserve_buf` function silently fails to allocate space without alerting the operator. The lost count reported by the eBPF operator when using ring-buffers is hardcoded to zero. A malicious event source, such as a compromised container, can exploit this to cause a denial of service by forcing the system to discard events from other containers or the same container. The issue relates to the Buffer API defined in the `include/gadget/buffer.h` file, specifically the transfer of data from eBPF programs to userspace using ring-buffers on Linux kernels version 5.8 and later. The ring-buffer size is hard-coded to 256KB.
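The failure mode above (a full ring-buffer makes reserve fail, and the operator still reports zero lost events) is easier to reason about with a small model. The Go program below is an added illustration, not Inspektor Gadget's code and not the fix shipped in 0.50.1: it simulates a fixed-capacity ring-buffer, a noisy container that fills it, and a second container whose events are then discarded. The `lostHardcoded` function reproduces the reporting behaviour the advisory describes; `lostFromCounter` shows one assumed remedy, reading a drop counter that the producer increments whenever reserve fails, which is the usual way to make ring-buffer loss visible since the kernel ring-buffer itself keeps no lost count. Buffer sizes, event sizes and container names are constructed sample values.

```go
package main

import "fmt"

// Event is a constructed sample record, labelled with the container that
// produced it so the simulation can show whose events get discarded.
type Event struct {
	Container string
	Payload   []byte
}

// RingBuffer is a simplified model of a BPF ring buffer with a fixed byte
// capacity. Assumption: one producer, one consumer, no wrap-around detail;
// only the "reserve fails when full" behaviour matters here.
type RingBuffer struct {
	capacity int
	used     int
	queue    []Event
	// dropped plays the role of a counter an eBPF program could bump in a
	// map whenever reserve fails (hypothetical; not Inspektor Gadget's code).
	dropped uint64
}

func NewRingBuffer(capacity int) *RingBuffer {
	return &RingBuffer{capacity: capacity}
}

// Submit mirrors reserve-then-commit. Like bpf_ringbuf_reserve, it fails
// when the buffer cannot hold the record; the difference is that the
// failure is counted instead of being ignored.
func (rb *RingBuffer) Submit(ev Event) bool {
	n := len(ev.Payload)
	if rb.used+n > rb.capacity {
		rb.dropped++
		return false
	}
	rb.used += n
	rb.queue = append(rb.queue, ev)
	return true
}

// Drain consumes everything the userspace reader has not yet seen and frees
// the space, as a consumer polling the ring buffer would.
func (rb *RingBuffer) Drain() []Event {
	out := rb.queue
	rb.queue = nil
	rb.used = 0
	return out
}

// lostHardcoded is the reporting behaviour the advisory describes for
// versions before 0.50.1: the lost count is a constant zero.
func lostHardcoded(rb *RingBuffer) uint64 { return 0 }

// lostFromCounter reads the drop counter instead (one possible remedy,
// shown as an assumption; the advisory does not describe the actual fix).
func lostFromCounter(rb *RingBuffer) uint64 { return rb.dropped }

// Result summarises one simulated run.
type Result struct {
	Delivered      int    // events the consumer actually received
	VictimDropped  int    // events from the second container that were lost
	ReportedBefore uint64 // lost count as reported by the hardcoded path
	ReportedAfter  uint64 // lost count as reported from the drop counter
}

// Simulate fills a buffer of the given capacity with events from a noisy
// container, then has a second container emit events before the consumer
// runs. It returns how many victim events were lost and what each
// reporting strategy tells the operator.
func Simulate(capacity, eventSize, noisyEvents, victimEvents int) Result {
	rb := NewRingBuffer(capacity)
	payload := make([]byte, eventSize)
	for i := 0; i < noisyEvents; i++ {
		rb.Submit(Event{Container: "noisy", Payload: payload})
	}
	res := Result{}
	for i := 0; i < victimEvents; i++ {
		if !rb.Submit(Event{Container: "victim", Payload: payload}) {
			res.VictimDropped++
		}
	}
	res.Delivered = len(rb.Drain())
	res.ReportedBefore = lostHardcoded(rb)
	res.ReportedAfter = lostFromCounter(rb)
	return res
}

func main() {
	// Constructed scenario: a 1 KiB buffer and 128-byte events, so eight
	// noisy events fill it exactly and all three victim events are discarded.
	r := Simulate(1024, 128, 8, 3)
	fmt.Printf("delivered=%d victimDropped=%d lost(hardcoded)=%d lost(counter)=%d\n",
		r.Delivered, r.VictimDropped, r.ReportedBefore, r.ReportedAfter)
}
```

The point of the two reporting functions is the operator's view: with the hardcoded path the run above looks healthy (eight events delivered, zero lost), even though three events from another container never reached userspace. A counter incremented on every failed reserve is what lets monitoring notice that a gadget's events are being discarded, whether the buffer was filled by accident or by a noisy workload.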
**Recommendations**
Versions prior to 0.50.1 should be updated to version 0.50.1 or later.