Description
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.
Published: 2026-03-16
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Creation
Action: Assess Impact
AI Analysis

Impact

A DTrace component, dtprobed, allows the creation of arbitrary files on the system when it is given specially crafted User-level Statically Defined Tracing (USDT) provider names. This flaw lets an attacker write files to any location in the file system that the dtprobed process can write to, potentially enabling privilege escalation or other malicious actions. The weakness is classified as CWE-22 (path traversal), indicating improper handling of absolute or relative file paths.

Affected Systems

The vulnerability applies to the Oracle Linux operating system distributed by Oracle Corporation. No specific version information is currently listed in the extracted CNA data, so all builds that contain the affected dtprobed component should be considered potentially impacted until vendor guidance is available.

Risk and Exploitability

The publicly available CVSS score for this issue is 5.5, indicating a moderate severity. The EPSS score is <1%, suggesting a low probability of exploitation in the wild. Because the vulnerability is not listed in the CISA KEV catalog, no evidence of active exploitation has been reported. Attackers would need to supply crafted USDT provider names to the dtprobed daemon, but the exact attack vector (e.g., local vs. remote) is not detailed in the advisory, so it is inferred that the flaw may require local access or interaction with the DTrace framework.

Generated by OpenCVE AI on March 17, 2026 at 16:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Oracle's official advisories for a patch or updated release that addresses the dtprobed flaw.
  • Limit access to the dtrace and dtprobed utilities to trusted users or services, and enforce SELinux/AppArmor policies to prevent unauthorized file creation.
  • Continuously monitor filesystem events and audit logs for unexpected file creation activity that could indicate exploitation.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 13:30:00 +0000

Type | Values Removed | Values Added
Title | | DTrace dtprobed Arbitrary File Creation via Crafted USDT Provider Names

Tue, 17 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-22
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Oracle Corporation; Oracle Corporation oracle Linux
Vendors & Products | | Oracle Corporation; Oracle Corporation oracle Linux

Mon, 16 Mar 2026 21:45:00 +0000

Type | Values Removed | Values Added
Description | | A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.
References | |
Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-03-17T13:35:45.790Z

Reserved: 2026-01-05T18:07:34.717Z

Link: CVE-2026-21991

Vulnrichment

Updated: 2026-03-17T13:35:41.575Z

NVD

Status: Awaiting Analysis

Published: 2026-03-16T22:16:18.397

Modified: 2026-03-17T14:20:01.670

Link: CVE-2026-21991

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:49:45Z
