Kernel use-after-free bug in the TIOCNOTTY handler
Platform: linux
Component: freebsd
Fixed versions: p6, p2, p11, p12
CVE-2026-5398 describes a privilege escalation vulnerability discovered in the FreeBSD Kernel. This flaw arises from an improper handling of terminal structures within the TIOCNOTTY function, leading to a dangling pointer that can be exploited to gain root access. The vulnerability affects FreeBSD Kernel version 13.5-RELEASE–p12 and is resolved in version p12.
Impact and attack scenarios
An attacker can exploit this vulnerability to escalate their privileges to root on the affected system. The attack involves leveraging a dangling pointer resulting from the TIOCNOTTY function's failure to clear a back-pointer to the calling process' session. After the process exits, the terminal structure retains a pointer to freed memory. A malicious process can then manipulate this dangling pointer to execute arbitrary code with root privileges, effectively gaining complete control over the system. This represents a significant security risk, potentially allowing attackers to compromise the entire system and access sensitive data.
Exploitation status
CVE-2026-5398 was publicly disclosed on 2026-04-22. The vulnerability's potential for privilege escalation suggests a medium to high exploitation probability. No public proof-of-concept (PoC) code has been released as of this writing, but the technical description indicates a relatively straightforward exploitation path. It is not currently listed on the CISA KEV catalog.
Who is at risk
Systems running FreeBSD Kernel 13.5-RELEASE–p12 are at risk. This includes servers, workstations, and embedded devices utilizing this kernel version. Environments with limited access controls or those running untrusted code are particularly vulnerable.
Detection steps
• linux / server:
journalctl -g 'TIOCNOTTY' --since "1 week ago"
• linux / server:
ps aux | grep -i 'tiocnotty'
• linux / server:
find / -type f -name '*tiocnotty*' 2>/dev/null
Attack timeline
- Disclosure
Threat intelligence
Exploit status
EPSS: 0.02% (4th percentile)
Affected software
Weakness classification (CWE)
Timeline
- Reserved
- Published
- Updated
- EPSS updated
Mitigations and workarounds
The primary mitigation for CVE-2026-5398 is to upgrade to FreeBSD Kernel version 13.5-RELEASE–p12, which contains the fix. If immediate upgrading is not feasible, consider implementing temporary workarounds such as restricting access to the TIOCNOTTY function or implementing stricter process isolation. While a direct WAF rule is unlikely to be effective, monitoring system logs for unusual process behavior and memory access patterns can provide early detection. After upgrade, confirm by verifying the kernel version using uname -r and ensuring it reports 13.5-RELEASE–p12.
How to fix
Upgrade your FreeBSD system to version 15.0-RELEASE-p6, 14.4-RELEASE-p2, 14.3-RELEASE-p11 or 13.5-RELEASE-p12 to mitigate this vulnerability. Apply the security updates provided by FreeBSD to fix the use-after-free bug in the TIOCNOTTY handler. See the release notes for detailed instructions.
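The post-upgrade check can be scripted across all four fixed branches listed above rather than only 13.5. The following is an added example, not code from FreeBSD or from this page; the function names are hypothetical, and it assumes that a patch level below the listed one on the same branch lacks the fix and that any equal or higher patch level includes it.

```shell
#!/bin/sh
# Added example: classify a FreeBSD kernel version string against the fixed
# patch levels this page lists for CVE-2026-5398. Function names are hypothetical.

# Fixed patch level per release branch, taken from the page's fix list.
fixed_patch_level() {
    case "$1" in
        15.0) echo 6 ;;
        14.4) echo 2 ;;
        14.3) echo 11 ;;
        13.5) echo 12 ;;
        *)    return 1 ;;   # branch not covered by the page's list
    esac
}

# check_tiocnotty_fix VERSION
# Prints "patched", "needs-update" or "unknown" (never treats unknown as safe).
check_tiocnotty_fix() {
    ver=$1
    case "$ver" in
        *-RELEASE)    branch=${ver%-RELEASE}; patch=0 ;;   # no -pN suffix means p0
        *-RELEASE-p*) branch=${ver%%-RELEASE-p*}; patch=${ver##*-RELEASE-p} ;;
        *)            echo unknown; return 0 ;;            # STABLE, CURRENT, non-FreeBSD
    esac
    # Reject a non-numeric patch suffix instead of guessing.
    case "$patch" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # Assumption: branches missing from the page's list cannot be judged here.
    fixed=$(fixed_patch_level "$branch") || { echo unknown; return 0; }
    if [ "$patch" -ge "$fixed" ]; then
        echo patched
    else
        echo needs-update
    fi
}

# Classify the version given as an argument, or the running kernel (uname -r).
check_tiocnotty_fix "${1:-$(uname -r)}"
```

An "unknown" result means the version string is outside the page's fix list and needs manual review against the advisory.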
Frequently asked questions
What is CVE-2026-5398 — Privilege Escalation in FreeBSD Kernel?
CVE-2026-5398 is a vulnerability in FreeBSD Kernel 13.5-RELEASE–p12 where a dangling pointer can be exploited to gain root privileges due to improper handling of terminal structures.
Am I affected by CVE-2026-5398 in FreeBSD Kernel?
If you are running FreeBSD Kernel 13.5-RELEASE–p12, you are potentially affected. Upgrade to version p12 to resolve the vulnerability.
How do I fix CVE-2026-5398 in FreeBSD Kernel?
Upgrade to FreeBSD Kernel 13.5-RELEASE–p12. This version includes a fix for the dangling pointer issue.
Is CVE-2026-5398 being actively exploited?
There are currently no confirmed reports of active exploitation, but the vulnerability's nature suggests a potential for exploitation.
Where can I find the official FreeBSD advisory for CVE-2026-5398?
Refer to the official FreeBSD security advisories on the FreeBSD website for the latest information and updates regarding CVE-2026-5398.