Dangling Pointer Vulnerability in FreeBSD's TIOCNOTTY Implementation
CVE-2026-5398

8.4HIGH

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-5398?

The TIOCNOTTY implementation in FreeBSD presents a critical flaw wherein it fails to properly clear a back-pointer linking the controlling terminal structure to the session of the calling process. This oversight can lead to the retention of a pointer to freed memory. If a malicious process exploits this dangling pointer, it may gain unauthorized root privileges, thereby compromising the system's integrity. System administrators should review affected FreeBSD versions and apply necessary patches to mitigate this risk.

Affected Version(s)

FreeBSD 15.0-RELEASE

FreeBSD 14.4-RELEASE

FreeBSD 14.3-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:10....

vendor-advisory

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 2, 2026

Credit

Nicholas Carlini using Claude, Anthropic

CVE-2026-5398 Data

JSON