{"api_version":"1","generated_at":"2026-05-13T01:06:35+00:00","cve":"CVE-2026-5398","urls":{"html":"https://cve.report/CVE-2026-5398","api":"https://cve.report/api/cve/CVE-2026-5398.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-5398","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-5398"},"summary":{"title":"Kernel use-after-free bug in the TIOCNOTTY handler","description":"The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session.  If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory.\n\nA malicious process can abuse the dangling pointer to grant itself root privileges.","state":"PUBLISHED","assigner":"freebsd","published_at":"2026-04-22 03:16:01","updated_at":"2026-05-01 12:49:44"},"problem_types":["CWE-416","CWE-416 CWE-416: Use After Free"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.4","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.4","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:10.tty.asc","name":"https://security.freebsd.org/advisories/FreeBSD-SA-26:10.tty.asc","refsource":"secteam@freebsd.org","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-5398","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5398","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"FreeBSD","product":"FreeBSD","version":"affected 15.0-RELEASE p6 release","platforms":[]},{"source":"CNA","vendor":"FreeBSD","product":"FreeBSD","version":"affected 14.4-RELEASE p2 release","platforms":[]},{"source":"CNA","vendor":"FreeBSD","product":"FreeBSD","version":"affected 14.3-RELEASE p11 release","platforms":[]},{"source":"CNA","vendor":"FreeBSD","product":"FreeBSD","version":"affected 13.5-RELEASE p12 release","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Nicholas Carlini using Claude, Anthropic","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"beta3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"p10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"p11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"p2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"p3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"p4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"p5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"p6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"p7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"p8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"13.5","cpe7":"p9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.3","cpe7":"p9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.4","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.4","cpe7":"p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"14.4","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"15.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"15.0","cpe7":"p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"15.0","cpe7":"p2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"15.0","cpe7":"p3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"15.0","cpe7":"p4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5398","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"15.0","cpe7":"p5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"5398","cve":"CVE-2026-5398","epss":"0.000170000","percentile":"0.042940000","score_date":"2026-05-05","updated_at":"2026-05-06 00:08:10"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-5398","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-22T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-23T03:56:10.203Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unknown","modules":["tty"],"product":"FreeBSD","vendor":"FreeBSD","versions":[{"lessThan":"p6","status":"affected","version":"15.0-RELEASE","versionType":"release"},{"lessThan":"p2","status":"affected","version":"14.4-RELEASE","versionType":"release"},{"lessThan":"p11","status":"affected","version":"14.3-RELEASE","versionType":"release"},{"lessThan":"p12","status":"affected","version":"13.5-RELEASE","versionType":"release"}]}],"credits":[{"lang":"en","type":"finder","value":"Nicholas Carlini using Claude, Anthropic"}],"datePublic":"2026-04-21T18:00:00.000Z","descriptions":[{"lang":"en","value":"The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session.  If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory.\n\nA malicious process can abuse the dangling pointer to grant itself root privileges."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"CWE-416: Use After Free","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-22T02:23:56.767Z","orgId":"63664ac6-956c-4cba-a5d0-f46076e16109","shortName":"freebsd"},"references":[{"tags":["vendor-advisory"],"url":"https://security.freebsd.org/advisories/FreeBSD-SA-26:10.tty.asc"}],"title":"Kernel use-after-free bug in the TIOCNOTTY handler"}},"cveMetadata":{"assignerOrgId":"63664ac6-956c-4cba-a5d0-f46076e16109","assignerShortName":"freebsd","cveId":"CVE-2026-5398","datePublished":"2026-04-22T02:23:56.767Z","dateReserved":"2026-04-02T01:48:17.131Z","dateUpdated":"2026-04-23T03:56:10.203Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-22 03:16:01","lastModifiedDate":"2026-05-01 12:49:44","problem_types":["CWE-416","CWE-416 CWE-416: Use After Free"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:-:*:*:*:*:*:*","matchCriteriaId":"947F561E-AD65-43B9-94C1-3109A3D35248"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:beta3:*:*:*:*:*:*","matchCriteriaId":"4216D505-95A5-4FCC-8B9A-26FCD32B0445"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p1:*:*:*:*:*:*","matchCriteriaId":"3D1987F1-1E08-4B28-8D16-D25A091D99ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p10:*:*:*:*:*:*","matchCriteriaId":"4C859EE2-59C0-4234-BFF0-7794AC4956DD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p11:*:*:*:*:*:*","matchCriteriaId":"D1CEB391-5FA3-4FFD-9279-113093DD500D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p2:*:*:*:*:*:*","matchCriteriaId":"BEC1E8A0-0402-45F1-938D-FEFDCFC3E747"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p3:*:*:*:*:*:*","matchCriteriaId":"D94457D6-738F-4ABB-BD46-F2B621531FE2"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p4:*:*:*:*:*:*","matchCriteriaId":"8C38CB56-B80C-4D1B-9267-16E8F985B170"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p5:*:*:*:*:*:*","matchCriteriaId":"13DF1E38-5E8D-42FF-A4C5-092300864F3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p6:*:*:*:*:*:*","matchCriteriaId":"83A86F81-0965-4600-835A-496756137998"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p7:*:*:*:*:*:*","matchCriteriaId":"987E31A4-7E21-471E-A3EA-4E53FFDB3DFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p8:*:*:*:*:*:*","matchCriteriaId":"9FBFE8B3-DC7C-4394-B062-C40E201EC059"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:13.5:p9:*:*:*:*:*:*","matchCriteriaId":"563C1D65-625D-43FC-A7A0-75B1E2163C40"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*","matchCriteriaId":"9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*","matchCriteriaId":"D3D22B8C-36CF-4800-9673-0B0240558BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p10:*:*:*:*:*:*","matchCriteriaId":"7296F5AA-F8C1-4277-A4EE-C2B24073A320"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*","matchCriteriaId":"242FA2A8-5D7D-4617-A411-2651FF3A3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*","matchCriteriaId":"40573F60-F3B7-4AEC-846A-B08E5B7D9D00"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*","matchCriteriaId":"1FB832CE-0A98-44A2-8BAC-CD38A64279B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*","matchCriteriaId":"9A785F8E-C218-41AE-8D57-BF06DDAEF7CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*","matchCriteriaId":"C3909FDD-B2A2-45B6-A40B-1D303A717F15"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p7:*:*:*:*:*:*","matchCriteriaId":"720597A2-F181-46E1-8A0D-097E17ADC4FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p8:*:*:*:*:*:*","matchCriteriaId":"DC8A75D0-148A-427A-9783-45477EABED21"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.3:p9:*:*:*:*:*:*","matchCriteriaId":"F5D39FC9-6DBA-46C8-BB80-A6188E6A8527"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:-:*:*:*:*:*:*","matchCriteriaId":"8F3856BE-666F-4FA1-A6AD-FE179CEBF1E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:p1:*:*:*:*:*:*","matchCriteriaId":"D9CC0037-3282-42C3-80D8-F6C1D43B9332"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:14.4:rc1:*:*:*:*:*:*","matchCriteriaId":"0342A715-E211-4AF6-97ED-32EB9EBB947D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:-:*:*:*:*:*:*","matchCriteriaId":"368CFE5D-C5C2-42AF-AAF4-28DFE1A59C3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p1:*:*:*:*:*:*","matchCriteriaId":"AA4AAA57-70A7-4717-ACF2-A253E757FF2C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p2:*:*:*:*:*:*","matchCriteriaId":"E24ABFA6-4D12-4DE5-832B-438502C7D188"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p3:*:*:*:*:*:*","matchCriteriaId":"C1C9869C-494B-4628-9AA3-4AA5B989C377"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p4:*:*:*:*:*:*","matchCriteriaId":"002AA2FE-C7BA-471A-9434-0E56A878ACBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:15.0:p5:*:*:*:*:*:*","matchCriteriaId":"B187670D-E3A2-4A0D-A653-982F8B447E78"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"5398","Ordinal":"1","Title":"Kernel use-after-free bug in the TIOCNOTTY handler","CVE":"CVE-2026-5398","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"5398","Ordinal":"1","NoteData":"The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session.  If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory.\n\nA malicious process can abuse the dangling pointer to grant itself root privileges.","Type":"Description","Title":"Kernel use-after-free bug in the TIOCNOTTY handler"}]}}}