GHSA-fjq3-ffvr-vm46: OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure
Severity: low
Tags: vulnerability, security
Summary
OpenTelemetry eBPF Instrumentation (OBI) has a vulnerability in its Java TLS monitoring code: the eBPF kprobe uses the wrong function to read memory pointers from user processes. A local process can therefore cause it to read kernel memory (which should be inaccessible) instead of user memory, and the kernel data read this way is leaked into the emitted telemetry. This affects systems with Java TLS support enabled.
Vulnerability Details
EPSS (30-day exploit probability): 0.0%
Patch Available: Yes
Disclosure Date: May 18, 2026
Classification: Attack Sophistication: Moderate
Affected Packages
go.opentelemetry.io/obi < 0.9.0 (fixed in 0.9.0)
Original source: https://github.com/advisories/GHSA-fjq3-ffvr-vm46
First tracked: May 18, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%