Impact
A flaw in Oracle Linux’s DTrace tool, dtprobed, allows a malicious actor to create files anywhere on the system by supplying specially crafted User‑Level Statically Defined Tracing (USDT) provider names. The resulting files could be binaries, configuration files, or other artifacts that might be used for persistence or privilege escalation if the attacker has sufficient rights. The vulnerability is classified as CWE‑22, a path traversal weakness in which a supplied name determines where a file or directory is created.
Affected Systems
Oracle Linux 8, 9, and 10 are affected. The Common Platform Enumeration (CPE) strings indicate that every release in these three major series is susceptible, and no sub‑version distinctions are provided, so any current installation of these operating systems should be considered vulnerable unless a vendor‑specific update is applied.
Risk and Exploitability
The CVSS score of 5.5 indicates medium severity, and the EPSS score of less than 1% suggests that automated exploitation is uncommon. The vulnerability is not listed in the CISA KEV catalog, so no widely deployed exploits are known. The likely attack vector requires an attacker to influence the dtprobed component or supply a crafted USDT provider name, which in practice means local or elevated privileges or the ability to trigger dtprobed. Based on the description, it is inferred that the attacker must run as a user with write access to the target directories or be able to execute dtprobed with such privileges. If these conditions are met, the flaw could enable arbitrary file creation, potentially leading to privilege escalation or persistence.