OpenTelemetry eBPF Instrumentation
- > v0.0.0-rc.1+build
A performance issue (uncontrolled CPU consumption) has been identified in OpenTelemetry eBPF Instrumentation (OBI) versions prior to 0.9.0. The internal metrics path replays BPF probe hits into histogram observations by iterating once for each run recorded since the previous collection. On busy systems this run-count delta can grow very large, so the metrics exporter spends each collection interval in a tight loop and consumes excessive CPU. The effect can be amplified by driving high traffic through instrumented services, since every request adds probe runs that must be replayed one at a time.
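The two replay strategies side by side, as an added example that is not OBI's code and does not reproduce its patch: a per-hit loop whose cost grows with the run-count delta, beside a constant-time weighted observation that yields identical histogram contents. The `Histogram` and `ProbeStats` types, their field names, and the sample counters are assumptions constructed for this example; they only model the cumulative run count and run time the kernel keeps per BPF program when BPF statistics are enabled.

```go
package main

import (
	"fmt"
	"sort"
)

// Histogram is a minimal cumulative-bucket histogram written for this example
// (not OBI's metrics type). Counts has one entry per bound plus an overflow bucket.
type Histogram struct {
	Bounds []float64 // ascending upper bounds
	Counts []uint64
	Sum    float64
	Count  uint64
}

func NewHistogram(bounds []float64) *Histogram {
	return &Histogram{Bounds: bounds, Counts: make([]uint64, len(bounds)+1)}
}

// Observe records a single observation of v.
func (h *Histogram) Observe(v float64) { h.ObserveN(v, 1) }

// ObserveN records n identical observations of v in constant time.
func (h *Histogram) ObserveN(v float64, n uint64) {
	h.Counts[sort.SearchFloat64s(h.Bounds, v)] += n // first bound >= v, or overflow
	h.Sum += v * float64(n)
	h.Count += n
}

// Equal reports whether two histograms hold the same buckets, sum and count.
func (h *Histogram) Equal(o *Histogram) bool {
	if len(h.Counts) != len(o.Counts) || h.Sum != o.Sum || h.Count != o.Count {
		return false
	}
	for i := range h.Counts {
		if h.Counts[i] != o.Counts[i] {
			return false
		}
	}
	return true
}

// ProbeStats models cumulative per-program statistics (assumed field names):
// how many times the probe ran and how long those runs took in total.
type ProbeStats struct {
	RunCount  uint64
	RunTimeNs uint64
}

// runDelta returns the run-count delta and mean run time between two samples.
// A counter that went backwards (program reloaded) yields nothing to replay.
func runDelta(prev, cur ProbeStats) (uint64, float64) {
	if cur.RunCount <= prev.RunCount || cur.RunTimeNs < prev.RunTimeNs {
		return 0, 0
	}
	delta := cur.RunCount - prev.RunCount
	return delta, float64(cur.RunTimeNs-prev.RunTimeNs) / float64(delta)
}

// replayPerHit is the pattern the advisory describes: one Observe call per run
// in the delta, so each collection costs O(delta). Returns the calls made.
func replayPerHit(h *Histogram, prev, cur ProbeStats) uint64 {
	delta, mean := runDelta(prev, cur)
	for i := uint64(0); i < delta; i++ {
		h.Observe(mean)
	}
	return delta
}

// replayWeighted records the same data as one weighted observation, so each
// collection costs O(1) however busy the probe was. Returns the calls made.
func replayWeighted(h *Histogram, prev, cur ProbeStats) uint64 {
	delta, mean := runDelta(prev, cur)
	if delta == 0 {
		return 0
	}
	h.ObserveN(mean, delta)
	return 1
}

func main() {
	bounds := []float64{100, 1_000, 5_000, 10_000} // ns
	// Constructed samples: 500,000 runs in one interval, 2,500 ns each on average.
	prev := ProbeStats{RunCount: 1_000, RunTimeNs: 1_000_000}
	cur := ProbeStats{RunCount: 501_000, RunTimeNs: 1_251_000_000}

	slow, fast := NewHistogram(bounds), NewHistogram(bounds)
	n := replayPerHit(slow, prev, cur)
	fmt.Printf("per-hit replay:  %d Observe calls, counts=%v\n", n, slow.Counts)
	n = replayWeighted(fast, prev, cur)
	fmt.Printf("weighted replay: %d call, counts=%v, identical=%v\n", n, fast.Counts, slow.Equal(fast))
}
```

The loop in `replayPerHit` is the amplification point: an attacker controls `delta` through request volume, while `replayWeighted` does the same bookkeeping with one bucket increment. The backwards-counter guard in `runDelta` matters in practice too, since a reloaded program would otherwise produce a huge unsigned-wraparound delta and the same tight loop.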
Exploitation causes a sharp increase in CPU usage by the OBI agent and degrades the availability of its internal metrics path. The effect is most pronounced on busy systems with high traffic volumes, where the per-interval run-count delta is largest.
The issue can be reproduced with a build of OpenTelemetry eBPF Instrumentation prior to version 0.9.0. Run the agent with internal metrics export enabled, then generate a high-rate workload that exercises the traced probes, for example HTTP traffic against an instrumented service, while simultaneously scraping the internal metrics. The OBI agent's CPU consumption rises sharply with the request rate, reflecting the vulnerability's impact.
Users can upgrade to OpenTelemetry eBPF Instrumentation version 0.9.0 or later, where this vulnerability has been patched.