QwikSec

Security Database

CVE

CWE

Training

CVE-2026-5398

Published: Apr 22, 2026

Modified: Apr 23, 2026

PUBLISHED

Description

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory. A malicious process can abuse the dangling pointer to grant itself root privileges.

Vendor	Product	Versions
FreeBSD	FreeBSD	affected `15.0-RELEASE - < p6` affected `14.4-RELEASE - < p2` affected `14.3-RELEASE - < p11` affected `13.5-RELEASE - < p12`

Weaknesses (CWE)

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:10.tty.asc

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.