Integer Divide-by-Zero Vulnerability in Oracle Linux dtrace Process
CVE-2026-21996

3.3LOW

Key Information:

Vendor: Oracle
Status: Oracle Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-21996?

An integer Divide-by-Zero vulnerability has been identified in the dtrace process of Oracle Linux. This flaw allows an unprivileged attacker to trigger a crash by deploying a specially crafted ELF binary, resulting in a denial of service. Proper patches and mitigation strategies are necessary to safeguard against potential exploitation.

Affected Version(s)

Oracle Linux 8

Oracle Linux 9

Oracle Linux 10

References

https://linux.oracle.com/cve/CVE-2026-21996.html

vendor-advisory

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-21996 Data

JSON