CVE-2026-5398

EPSS 0.02%
Veröffentlicht 22.04.2026 02:23:56
Zuletzt bearbeitet 01.05.2026 12:49:44
Quelle secteam@freebsd.org
CVE-Watchlists
Login
Unerledigt
Login

Kernel use-after-free bug in the TIOCNOTTY handler

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session.  If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory.

A malicious process can abuse the dangling pointer to grant itself root privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 33 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version13.5 Update-

Freebsd ≫ Freebsd Version13.5 Updatebeta3

Freebsd ≫ Freebsd Version13.5 Updatep1

Freebsd ≫ Freebsd Version13.5 Updatep10

Freebsd ≫ Freebsd Version13.5 Updatep11

Freebsd ≫ Freebsd Version13.5 Updatep2

Freebsd ≫ Freebsd Version13.5 Updatep3

Freebsd ≫ Freebsd Version13.5 Updatep4

Freebsd ≫ Freebsd Version13.5 Updatep5

Freebsd ≫ Freebsd Version13.5 Updatep6

Freebsd ≫ Freebsd Version13.5 Updatep7

Freebsd ≫ Freebsd Version13.5 Updatep8

Freebsd ≫ Freebsd Version13.5 Updatep9

Freebsd ≫ Freebsd Version14.3 Update-

Freebsd ≫ Freebsd Version14.3 Updatep1

Freebsd ≫ Freebsd Version14.3 Updatep10

Freebsd ≫ Freebsd Version14.3 Updatep2

Freebsd ≫ Freebsd Version14.3 Updatep3

Freebsd ≫ Freebsd Version14.3 Updatep4

Freebsd ≫ Freebsd Version14.3 Updatep5

Freebsd ≫ Freebsd Version14.3 Updatep6

Freebsd ≫ Freebsd Version14.3 Updatep7

Freebsd ≫ Freebsd Version14.3 Updatep8

Freebsd ≫ Freebsd Version14.3 Updatep9

Freebsd ≫ Freebsd Version14.4 Update-

Freebsd ≫ Freebsd Version14.4 Updatep1

Freebsd ≫ Freebsd Version14.4 Updaterc1

Freebsd ≫ Freebsd Version15.0 Update-

Freebsd ≫ Freebsd Version15.0 Updatep1

Freebsd ≫ Freebsd Version15.0 Updatep2

Freebsd ≫ Freebsd Version15.0 Updatep3

Freebsd ≫ Freebsd Version15.0 Updatep4

Freebsd ≫ Freebsd Version15.0 Updatep5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.067

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://security.freebsd.org/advisories/FreeBSD-SA-26:10.tty.asc

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-5398

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-5398

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-5398

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-5398