Security
Security
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.
| Package | dev-debug/dtrace on all architectures |
|---|---|
| Affected versions | < 2.0.6 |
| Unaffected versions | >= 2.0.6 |
DTrace is a dynamic tracing tool for analysing or debugging the whole system. Specifically, dtprobed is a component of the DTrace system that keeps track of USDT probes within running processes, parsing and storing the DOF they provide for later consumption by dtrace proper.
A vulnerability has been found in dtprobed that allows for arbitrary file creation through specially crafted USDT provider names.
The worst possible outcome is the ability for an attacker to run arbitrary code via the maliciously created file.
There is no known workaround at this time.
All DTrace users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-debug/dtrace-2.0.6"
Release date
April 17, 2026
Latest revision
April 17, 2026: 1
Severity
normal
Exploitable
local
Bugzilla entries