CVE-2026-21991
Description
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2026-21991: dtprobed (DTrace) allows local low-privileged users to create arbitrary files via crafted USDT provider names, leading to a denial-of-service (availability impact).
Vulnerability overview
The DTrace component dtprobed contains a vulnerability that allows arbitrary file creation through the use of crafted USDT (User Statically Defined Tracing) provider names [1]. Specifically, when processing USDT provider names, the component does not properly sanitize input, enabling an attacker with local access and low privileges to create files at arbitrary locations on the file system. This behavior goes beyond the intended operation of DTrace's tracing functionality.
Exploitation conditions
Exploitation requires local access to the system and the ability to invoke DTrace operations with crafted USDT provider names. The CVSS v3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) records local attack vector, low privileges required and no user interaction [1]. Attack complexity is rated low, so the preconditions are not difficult to meet. No authentication mechanism has to be bypassed, since the affected component runs with the privileges of the calling user or service.
Impact assessment
The primary impact of CVE-2026-21991 is on system availability: the ability to create arbitrary files can be leveraged to cause a denial-of-service condition [1]. An attacker might fill disk partitions, overwrite critical configuration files, or disrupt system services by creating files in unexpected locations. The CVSS vector records no confidentiality or integrity impact, but the availability impact is rated high, which makes this a significant concern for systems where DTrace is enabled and accessible to unprivileged users.
Mitigation status
Oracle has released errata updates for the affected platforms, Oracle Linux versions 8, 9, and 10, with multiple packages updated on March 13, 2026 (ELSA-2026-50151, ELSA-2026-50152, ELSA-2026-50153) [1]. Administrators are advised to apply these updates promptly. There is no mention of this CVE being listed in the Known Exploited Vulnerabilities (KEV) catalog at the time of publication. As a workaround, restricting local access to DTrace utilities and applying the principle of least privilege may reduce exposure.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:oracle:linux:10:0:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:8:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:9:0:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] linux.oracle.com/cve/CVE-2026-21991.html (NVD; Vendor Advisory)
News mentions
No linked articles in our index yet.