CVE-2026-35233 — MEDIUM (4.4)

Vulnerability Description

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via dtrace -p , pid probes, or USDT), the ELF parser reads heap memory beyond the allocated section cache array without any bounds check. This results in an uninitialized/out-of-bounds heap read that can cause a NULL pointer dereference crash of the dtrace process (DoS), or -- depending on heap layout -- a read-then-use of a garbage pointer controlled by adjacent allocations, providing a foothold toward further exploitation in a privileged context.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Oracle	Linux	8

Related Weaknesses (CWE)

CWE-125

References

https://linux.oracle.com/cve/CVE-2026-35233.htmlVendor Advisory

FAQ

What is CVE-2026-35233?

CVE-2026-35233 is a vulnerability with a CVSS score of 4.4 (MEDIUM). An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via ...

How severe is CVE-2026-35233?

CVE-2026-35233 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-35233?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Linux.