CVE-2026-5398 - Vulnerability Analysis
HighCVSS: 8.4Last Updated: April 22, 2026
TIOCNOTTY - Privilege Escalation
Published: April 22, 2026Updated: April 22, 2026
Overview
The implementation of TIOCNOTTY contains a use-after-free vulnerability caused by failure to clear a back-pointer from the controlling terminal structure to the calling process' session, letting a malicious process escalate privileges by exploiting a dangling pointer.
Severity & Score
Severity: High
CVSS Score: 8.4
Impact
A malicious process can gain root privileges by exploiting a dangling pointer after process exit.
Mitigation
Update to the latest version with the fix for TIOCNOTTY use-after-free vulnerability.
Related Resources
Details
- CVE ID
- CVE-2026-5398
- Severity
- High
- CVSS Score
- 8.4
- Type
- use_after_free
- Status
- unconfirmed
CWE
- CWE-416
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H