Detections
Analytics
Linux Distros Unpatched Vulnerability : CVE-2026-35233
medium Nessus Plugin ID 312205
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.- An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of- range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via dtrace -p , pid probes, or USDT), the ELF parser reads heap memory beyond the allocated section cache array without any bounds check. This results in an uninitialized/out-of-bounds heap read that can cause a NULL pointer dereference crash of the dtrace process (DoS), or -- depending on heap layout -- a read-then-use of a garbage pointer controlled by adjacent allocations, providing a foothold toward further exploitation in a privileged context. (CVE-2026-35233)
Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.See Also
Plugin Details
Severity: Medium
ID: 312205
File Name: unpatched_CVE_2026_35233.nasl
Version: 1.1
Type: Local
Agent: unix
Family: Misc.
Published: 5/5/2026
Updated: 5/5/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v3
Risk Factor: Medium
Base Score: 4.4
Temporal Score: 4.1
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C
CVSS Score Source: CVE-2026-35233
Vulnerability Information
CPE: cpe:/o:canonical:ubuntu_linux:26.04, p-cpe:/a:canonical:ubuntu_linux:dtrace
Required KB Items: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 5/1/2026
Reference Information
CVE: CVE-2026-35233