CVE Alert

CVE-2026-31890

UNKNOWN 0.0

Inspektor Gadget: Tracing Denial of Service via Event Flooding

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Inspektor Gadget is a set of tools and a framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a gadget is – incidentally or maliciously – already full, the gadget will silently drop events. The include/gadget/buffer.h file contains definitions for the Buffer API that gadgets can use to, among other things, transfer data from eBPF programs to userspace. For hosts running a modern enough Linux kernel (>= 5.8), this transfer mechanism is based on ring-buffers. The size of the ring-buffer for the gadgets is hard-coded to 256KB. When a gadget_reserve_buf call fails because of insufficient space, the gadget silently cleans up without producing an alert. The lost count reported by the eBPF operator, when using ring-buffers – the modern choice – is hardcoded to zero. The vulnerability can be used by a malicious event source (e.g. a compromised container) to cause a Denial of Service, forcing the system to drop events coming from other containers (or the same container). This vulnerability is fixed in 0.50.1.
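The failure mode described above, modelled in plain userspace C as an added example (not Inspektor Gadget code and not the 0.50.1 patch): a 256KB ring where a failed reserve is either dropped silently or counted per source, so the reported lost count can be compared with what was actually lost. The 64-byte event size, the names model_reserve and simulate, and the per-source counter are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_BYTES  (256 * 1024) /* ring size stated in the advisory */
#define EVENT_BYTES 64           /* constructed event size (assumption) */
#define MAX_SOURCES 2            /* 0 = noisy source, 1 = quiet source */

struct ring {
    size_t   used;               /* bytes reserved and not yet consumed */
    uint64_t lost[MAX_SOURCES];  /* per-source drop counters (hypothetical) */
    int      count_drops;        /* 0 = silent drop, 1 = account for loss */
};

/* Model of a reserve call: 0 on success, -1 when the ring has no room. */
static int model_reserve(struct ring *r, int source)
{
    if (r->used + EVENT_BYTES > RING_BYTES) {
        if (r->count_drops)
            r->lost[source]++;   /* loss becomes visible to the consumer */
        return -1;               /* silent mode: the event just vanishes */
    }
    r->used += EVENT_BYTES;
    return 0;
}

/* Source 0 emits `noisy` events, then source 1 emits `quiet` events, with no
 * consumer drain in between. Returns how many source-1 events were delivered
 * and stores the lost count the model would report in *reported. */
static uint64_t simulate(int count_drops, uint64_t noisy, uint64_t quiet,
                         uint64_t *reported)
{
    struct ring r;
    uint64_t delivered = 0;
    memset(&r, 0, sizeof r);
    r.count_drops = count_drops;
    for (uint64_t i = 0; i < noisy; i++)
        model_reserve(&r, 0);
    for (uint64_t i = 0; i < quiet; i++)
        if (model_reserve(&r, 1) == 0) delivered++;
    *reported = r.lost[0] + r.lost[1];
    return delivered;
}
int main(void)
{
    uint64_t rep, d = simulate(0, 5000, 10, &rep);
    printf("silent:  delivered=%llu lost=%llu\n", (unsigned long long)d, (unsigned long long)rep);
    d = simulate(1, 5000, 10, &rep);
    printf("counted: delivered=%llu lost=%llu\n", (unsigned long long)d, (unsigned long long)rep);
    return 0;
}
```

In both runs the quiet source delivers nothing, but only the counted run reports a non-zero lost count that monitoring could alert on.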

CWE: CWE-223, CWE-770
Vendor: inspektor-gadget
Product: inspektor-gadget
Published: Mar 12, 2026
Last Updated: Mar 13, 2026

Affected Versions

inspektor-gadget / inspektor-gadget
< 0.50.1

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/inspektor-gadget/inspektor-gadget/security/advisories/GHSA-wv52-frfv-mfh4