CVE-2026-35233
Analyzed Analyzed - Analysis Complete
Heap Out-of-Bounds Read in DTrace

Publication date: 2026-05-01

Last updated on: 2026-05-05

Assigner: Oracle

Description
An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via dtrace -p , pid probes, or USDT), the ELF parser reads heap memory beyond the allocated section cache array without any bounds check. This results in an uninitialized/out-of-bounds heap read that can cause a NULL pointer dereference crash of the dtrace process (DoS), or -- depending on heap layout -- a read-then-use of a garbage pointer controlled by adjacent allocations, providing a foothold toward further exploitation in a privileged context.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-35233
EUVD
EUVD-2026-26702
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
oracle linux 8
oracle linux 10
oracle linux 9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves an unprivileged attacker creating a malicious ELF binary with an out-of-range sh_link field. When a root-level dtrace process attaches to or instruments this malicious process, the ELF parser reads memory beyond the allocated section cache array without proper bounds checking. This causes an out-of-bounds heap read which can lead to a NULL pointer dereference crash (denial of service) or potentially allow the attacker to exploit the dtrace process further by using a garbage pointer controlled by adjacent memory allocations.

Impact Analysis

The vulnerability can impact you by causing the dtrace process running with root privileges to crash, resulting in a denial of service (DoS). Additionally, depending on the heap memory layout, it may allow an attacker to gain a foothold for further exploitation in a privileged context, potentially compromising system security.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate this vulnerability, you should apply the errata fixes released by Oracle for the dtrace package in Oracle Linux versions 8, 9, and 10.

These updates address the issue by correcting the ELF parser's handling of the sh_link field to prevent out-of-bounds heap reads.

Ensure your system is updated with the latest patches dated April 30, 2026, or later.

Detection Guidance

This vulnerability involves a malicious ELF binary crafted with an out-of-range sh_link field that triggers issues when dtrace attaches to the process. Detection would involve identifying such malicious ELF binaries or monitoring dtrace usage for crashes or unusual behavior.

There are no specific detection commands or tools provided in the available resources or CVE description.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35233. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart