Heap Memory Vulnerability in Dtrace Process of Oracle Linux
CVE-2026-35233

4.4 MEDIUM

Key Information:

Vendor

Oracle

CVE Published:
1 May 2026

What is CVE-2026-35233?

An unprivileged attacker may exploit a flaw in the Dtrace process of Oracle Linux by creating a specially crafted user-space process backed by a malicious ELF binary. The binary carries a section header whose sh_link field is out of range. When Dtrace attaches to the process, its ELF parser uses that sh_link value as an index into the section header table without checking it against the number of sections, so it reads beyond the bounds of the allocated table. The result is a potential denial of service through a NULL pointer dereference, or the use of a garbage pointer that could be exploited further. The flaw illustrates why every index taken from an untrusted binary must be validated before it is used to access memory.
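The following C example is added here to illustrate the class of defect described above; it is not Oracle's or DTrace's own code. It models only the three Elf64_Shdr fields that matter for the check (an assumption: the real structure has more), builds two constructed section header tables inline, and contrasts the unchecked table lookup with a hardened lookup that rejects any sh_link not below e_shnum. The names `linked_section_unchecked`, `linked_section_checked` and `find_bad_sh_link` are hypothetical and exist only for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed subset of Elf64_Shdr: only the fields this check needs. */
struct shdr {
    uint32_t sh_name;  /* offset of the section name in .shstrtab */
    uint32_t sh_type;  /* SHT_* section type */
    uint32_t sh_link;  /* index of a related section (for SYMTAB/DYNSYM: its STRTAB) */
};

/* Section type constants as defined by the ELF specification. */
#define SHT_SYMTAB 2
#define SHT_STRTAB 3
#define SHT_DYNSYM 11

/* The unsafe pattern: sh_link is trusted as an index into the table.
 * With an out-of-range value this reads past the allocated table, which is
 * the behaviour the advisory describes. Never called with a bad table here. */
const struct shdr *linked_section_unchecked(const struct shdr *shdrs,
                                            const struct shdr *sh)
{
    return &shdrs[sh->sh_link]; /* no bounds check against e_shnum */
}

/* The hardened pattern: refuse any sh_link that does not name a real
 * section. Returns NULL instead of a pointer outside the table. */
const struct shdr *linked_section_checked(const struct shdr *shdrs,
                                          size_t e_shnum,
                                          const struct shdr *sh)
{
    if (sh->sh_link >= e_shnum)
        return NULL;
    return &shdrs[sh->sh_link];
}

/* Validate a whole section header table. For every symbol table, require
 * that sh_link is in range and points at a string table. Returns -1 if the
 * table is acceptable, otherwise the index of the first offending header. */
int find_bad_sh_link(const struct shdr *shdrs, size_t e_shnum)
{
    for (size_t i = 0; i < e_shnum; i++) {
        const struct shdr *sh = &shdrs[i];
        if (sh->sh_type != SHT_SYMTAB && sh->sh_type != SHT_DYNSYM)
            continue;
        const struct shdr *linked = linked_section_checked(shdrs, e_shnum, sh);
        if (linked == NULL || linked->sh_type != SHT_STRTAB)
            return (int)i;
    }
    return -1;
}

/* Constructed sample tables (not taken from any real binary). */
static const struct shdr good_table[] = {
    { 0, 0,          0 }, /* index 0: the mandatory null section */
    { 1, SHT_SYMTAB, 2 }, /* .symtab, linked to the string table at index 2 */
    { 9, SHT_STRTAB, 0 }, /* .strtab */
};

static const struct shdr bad_table[] = {
    { 0, 0,          0  },
    { 1, SHT_SYMTAB, 40 }, /* sh_link = 40 with e_shnum = 3: out of range */
    { 9, SHT_STRTAB, 0  },
};

#define GOOD_SHNUM (sizeof good_table / sizeof good_table[0])
#define BAD_SHNUM  (sizeof bad_table / sizeof bad_table[0])

int check_good_table(void) { return find_bad_sh_link(good_table, GOOD_SHNUM); }
int check_bad_table(void)  { return find_bad_sh_link(bad_table, BAD_SHNUM); }

int main(void)
{
    printf("well-formed table: first bad header = %d\n", check_good_table());
    printf("malformed table:   first bad header = %d\n", check_bad_table());
    /* The well-formed table resolves normally through either lookup. */
    const struct shdr *s = linked_section_unchecked(good_table, &good_table[1]);
    printf("good .symtab links to sh_type %u\n", s->sh_type);
    return 0;
}
```

A parser that applies `find_bad_sh_link` before dereferencing any sh_link turns the out-of-bounds read into a clean rejection of the binary; the same rule applies to sh_info, e_shstrndx and any other field that is used as an index.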

Affected Version(s)

Oracle Linux 8

Oracle Linux 9

Oracle Linux 10

References

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
