PT-2026-25030 · Git+2 · Inspektor-Gadget

Burak-Ok · Published 2026-03-12 · Updated 2026-03-12

CVE-2026-31890

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Inspektor Gadget versions prior to 0.50.1

Description: Inspektor Gadget is a framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to version 0.50.1, if a gadget's ring-buffer is full, either accidentally or maliciously, the gadget silently drops events. The gadget_reserve_buf function fails to allocate space without alerting the operator, and the lost count reported by the eBPF operator when using ring-buffers is hard-coded to zero. A malicious event source, such as a compromised container, can exploit this to cause a denial of service by forcing the system to discard events from other containers or from the same container. The issue lies in the Buffer API defined in include/gadget/buffer.h, specifically the transfer of data from eBPF programs to userspace using ring-buffers on Linux kernels version 5.8 and later. The ring-buffer size is hard-coded to 256KB.

Recommendations: Versions prior to 0.50.1 should be updated to version 0.50.1 or later.
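As an added illustration (not Inspektor Gadget's own code) of why the reported lost count could only ever read zero: a BPF ring buffer has no built-in lost-record accounting, so a producer whose reserve fails must count the drop itself or the consumer never learns about it. The plain-C model below is a constructed stand-in for the kernel ring buffer and for gadget_reserve_buf, with a 256-byte capacity in place of the page's 256KB; `reserve_silent`/`lost_silent` mirror the behaviour the description reports, `reserve_counted`/`lost_counted` the accounting that makes drops visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: a fixed-capacity ring buffer that, like the kernel
 * BPF ring buffer, keeps no count of reserves that failed for lack of space. */
#define RING_CAP 256 /* bytes; stands in for the 256KB buffer on the page */

struct ring {
    unsigned char data[RING_CAP];
    size_t used;      /* bytes reserved and not yet consumed */
    uint64_t dropped; /* producer-side drop counter, only maintained by the caller */
};

/* Stand-in for bpf_ringbuf_reserve(): NULL when the request does not fit. */
static void *ring_reserve(struct ring *r, size_t len)
{
    if (len > RING_CAP - r->used)
        return NULL;
    void *p = r->data + r->used;
    r->used += len;
    return p;
}

/* Pre-0.50.1 pattern as described: a failed reserve leaves no trace,
 * and the lost count handed to userspace is a constant zero. */
static void *reserve_silent(struct ring *r, size_t len) { return ring_reserve(r, len); }
static uint64_t lost_silent(const struct ring *r) { (void)r; return 0; }

/* Hardened pattern: every failed reserve is counted so the consumer can
 * alert on events that never reached userspace. */
static void *reserve_counted(struct ring *r, size_t len)
{
    void *p = ring_reserve(r, len);
    if (p == NULL)
        r->dropped++;
    return p;
}
static uint64_t lost_counted(const struct ring *r) { return r->dropped; }

/* Push `events` fixed-size events into a fresh ring without ever consuming,
 * i.e. a producer that outruns userspace; return the lost count each
 * variant would report to the operator. */
static uint64_t simulate(int counted, size_t len, int events)
{
    struct ring r;
    memset(&r, 0, sizeof r);
    for (int i = 0; i < events; i++)
        (void)(counted ? reserve_counted(&r, len) : reserve_silent(&r, len));
    return counted ? lost_counted(&r) : lost_silent(&r);
}
```

With 64 events of 8 bytes only the first 32 fit, yet the silent variant still reports zero lost events, which is exactly the blind spot a flooding event source exploits.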

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

CVE-2026-31890
GHSA-WV52-FRFV-MFH4

Affected Products

Inspektor-Gadget