Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab()
Articles & Coverage 1
AnalysisAI
DTrace process can be reliably crashed by unprivileged local attackers via a malicious ELF binary that triggers an integer divide-by-zero condition in the Pbuild_file_symtab() function, causing denial of service. CVSS 3.3 (low severity) reflects local-only attack vector and low privileges required, though the reliable crash mechanism and low exploitation complexity may elevate practical risk in multi-tenant or shared-system environments.
Technical ContextAI
DTrace (Dynamic Tracing) is Oracle's system tracing framework that analyzes kernel and application behavior in real-time. The vulnerability exists in the Pbuild_file_symtab() function, which is responsible for constructing symbol table information from ELF (Executable and Linkable Format) binaries during trace processing. An integer divide-by-zero condition is a type of arithmetic error (CWE-369) that occurs when code attempts division by zero, typically in symbol table field calculations such as dividing by section size, entry count, or alignment values parsed from a malformed ELF header or section. When a crafted ELF binary with anomalous section metadata is presented to DTrace, the unchecked division operation causes an immediate process crash rather than graceful error handling.
RemediationAI
Apply the security patch released by Oracle for this CVE; the specific patched version is not provided in available references - consult https://linux.oracle.com/cve/CVE-2026-21996.html for the exact version number. As an interim mitigation pending patch deployment, restrict execution permissions and file system access for unprivileged users to prevent them from loading or analyzing untrusted ELF binaries via DTrace; this reduces the attack surface by limiting the number of users who can trigger the vulnerable code path. Additionally, disable DTrace functionality entirely on systems where dynamic tracing is not required for operations, or run DTrace only with fully trusted binaries in controlled environments. Be aware that file permission restrictions may impact legitimate debugging or monitoring workflows, requiring operational changes.
Same weakness CWE-369 – Divide By Zero
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26700