An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to or instruments this process (via dtrace -p, pid probes, or USDT), the ELF parser reads heap memory beyond the allocated section cache array without bounds checking. This results in an uninitialized or out-of-bounds heap read that can cause a NULL pointer dereference crash of the dtrace process (denial of service) or, depending on heap layout, a read-then-use of a garbage pointer controlled by adjacent allocations. This behavior provides a potential foothold toward further exploitation in a privileged context. The vulnerability affects Oracle Linux versions 8, 9, and 10. The CVSS 3.1 base score is 4.4, reflecting low attack complexity and privileges required but limited impact on confidentiality and integrity.

The vulnerability can cause a denial-of-service condition by crashing the root-level dtrace process due to a NULL pointer dereference. Additionally, depending on heap memory layout, it may allow an attacker to read and use a garbage pointer, potentially enabling further exploitation in a privileged context. There is no impact on confidentiality reported. The overall impact is limited to integrity and availability with medium severity. No known exploits have been observed in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or remediation level is provided, users should monitor Oracle's advisories for updates. Until a fix is available, avoid attaching dtrace with root privileges to untrusted or suspicious user-space processes containing ELF binaries with potentially malformed section headers.