CVE-2026-5398

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory.

A malicious process can abuse the dangling pointer to grant itself root privileges.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2026-5398

Affected Products

Freebsd

CVE-2026-5398

Weakness Enumeration

Related Identifiers

Affected Products

References · 2