Oracle DTrace Integer Divide-by-Zero Crash via Malicious ELF: CVE-2026-21996 May 2026

An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab()

Vulnerability Analysis

CVE-2026-21996 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

LOW

Weakness Type

Divide By Zero

The product divides a value by zero. This weakness typically occurs when an unexpected value is provided to the product, or if an error occurs that is not properly detected. It frequently occurs in calculations involving physical dimensions such as size, length, width, and height.

Products Associated with CVE-2026-21996

Want to know whenever a new CVE is published for Oracle Linux? stack.watch will email you.

Oracle DTrace Integer Divide-by-Zero Crash via Malicious ELF
CVE-2026-21996 Published on May 1, 2026

Vulnerability Analysis

Weakness Type

Divide By Zero

Products Associated with CVE-2026-21996

Affected Versions

Oracle DTrace Integer Divide-by-Zero Crash via Malicious ELFCVE-2026-21996 Published on May 1, 2026

Vulnerability Analysis

Weakness Type

Divide By Zero

Products Associated with CVE-2026-21996

Affected Versions

Oracle DTrace Integer Divide-by-Zero Crash via Malicious ELF
CVE-2026-21996 Published on May 1, 2026