Platform
linux
Component
freebsd
Opgelost in
p6
p2
p11
p12
CVE-2026-5398 describes a privilege escalation vulnerability discovered in the FreeBSD Kernel. This flaw arises from an improper handling of terminal structures within the TIOCNOTTY function, leading to a dangling pointer that can be exploited to gain root access. The vulnerability affects FreeBSD Kernel version 13.5-RELEASE–p12 and is resolved in version p12.
An attacker can exploit this vulnerability to escalate their privileges to root on the affected system. The attack involves leveraging a dangling pointer resulting from the TIOCNOTTY function's failure to clear a back-pointer to the calling process' session. After the process exits, the terminal structure retains a pointer to freed memory. A malicious process can then manipulate this dangling pointer to execute arbitrary code with root privileges, effectively gaining complete control over the system. This represents a significant security risk, potentially allowing attackers to compromise the entire system and access sensitive data.
CVE-2026-5398 was publicly disclosed on 2026-04-22. The vulnerability's potential for privilege escalation suggests a medium to high exploitation probability. No public proof-of-concept (PoC) code has been released as of this writing, but the technical description indicates a relatively straightforward exploitation path. It is not currently listed on the CISA KEV catalog.
Systems running FreeBSD Kernel 13.5-RELEASE–p12 are at risk. This includes servers, workstations, and embedded devices utilizing this kernel version. Environments with limited access controls or those running untrusted code are particularly vulnerable.
• linux / server:
journalctl -g 'TIOCNOTTY' --since "1 week ago"• linux / server:
ps aux | grep -i 'tiocnotty'• linux / server:
find / -type f -name '*tiocnotty*' 2>/dev/nulldisclosure
Exploit Status
EPSS
0.02% (4% percentiel)
The primary mitigation for CVE-2026-5398 is to upgrade to FreeBSD Kernel version 13.5-RELEASE–p12, which contains the fix. If immediate upgrading is not feasible, consider implementing temporary workarounds such as restricting access to the TIOCNOTTY function or implementing stricter process isolation. While a direct WAF rule is unlikely to be effective, monitoring system logs for unusual process behavior and memory access patterns can provide early detection. After upgrade, confirm by verifying the kernel version using uname -r and ensuring it reports 13.5-RELEASE–p12.
Actualice su sistema FreeBSD a la versión 15.0-RELEASE-p6, 14.4-RELEASE-p2, 14.3-RELEASE-p11 o 13.5-RELEASE-p12 para mitigar esta vulnerabilidad. Aplique las actualizaciones de seguridad proporcionadas por FreeBSD para corregir el error de uso de memoria después de la liberación en el controlador TIOCNOTTY. Consulte las notas de la versión para obtener instrucciones detalladas.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2026-5398 is a vulnerability in FreeBSD Kernel 13.5-RELEASE–p12 where a dangling pointer can be exploited to gain root privileges due to improper handling of terminal structures.
If you are running FreeBSD Kernel 13.5-RELEASE–p12, you are potentially affected. Upgrade to version p12 to resolve the vulnerability.
Upgrade to FreeBSD Kernel 13.5-RELEASE–p12. This version includes a fix for the dangling pointer issue.
There are currently no confirmed reports of active exploitation, but the vulnerability's nature suggests a potential for exploitation.
Refer to the official FreeBSD security advisories on the FreeBSD website for the latest information and updates regarding CVE-2026-5398.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.