HIGHCVE-2026-5398Published Modified CNA freebsd
CVE-2026-5398: Kernel use-after-free bug in the TIOCNOTTY handler
The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory. A malicious process can abuse the dangling pointer to grant itself root privileges.
Metrics
- CVSS v3.1
- 8.4
- Severity
- HIGH
- Fixed in
- p11
- Affected Products
- 1
Fix available
p11p12p2p6
Affected packages
- FreeBSD / FreeBSD< p6 (from 15.0-RELEASE) · < p2 (from 14.4-RELEASE) · < p11 (from 14.3-RELEASE) · < p12 (from 13.5-RELEASE)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences