- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                        GLSA 202604-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                        https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: DTrace: Arbitrary file creation via dtprobed
     Date: April 17, 2026
     Bugs: #971491
       ID: 202604-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A DTrace component, dtprobed, allows arbitrary file creation through
crafted USDT provider names.

Background
==========

DTrace is a dynamic tracing tool for analysing or debugging the whole
system. Specifically, dtprobed is a component of the DTrace system that
keeps track of USDT probes within running processes, parsing and storing
the DOF they provide for later consumption by dtrace proper.

Affected packages
=================

Package           Vulnerable    Unaffected
----------------  ------------  ------------
dev-debug/dtrace  < 2.0.6       >= 2.0.6

Description
===========

A vulnerability has been found in dtprobed that allows for arbitrary
file creation through specially crafted USDT provider names.

Impact
======

The worst possible outcome is the ability for an attacker to run
arbitrary code via the maliciously created file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All DTrace users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-debug/dtrace-2.0.6"

References
==========

[ 1 ] CVE-2026-21991
      https://nvd.nist.gov/vuln/detail/CVE-2026-21991

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202604-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to