FreeBSD
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the FreeBSD kernel's TIOCNOTTY ioctl handler, affecting all supported FreeBSD versions. The issue arises because the handler fails to remove a back-pointer from the terminal structure to the session of the calling process. As a result, when the process exits, the terminal structure may reference freed memory. This dangling pointer can be exploited by a malicious process to gain root privileges.
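The back-pointer lifetime problem described above can be modelled in a few lines of userland C. This is an added example, not FreeBSD kernel code: the struct and function names are hypothetical, and the model assumes that exit-time cleanup reaches the terminal only through the session's forward link. A `live` flag stands in for freeing memory, so the check is an invariant test rather than a real dangling access.

```c
#include <stddef.h>
#include <stdbool.h>

/* Simplified model; all names are hypothetical, not the kernel's own. */
struct tty;
struct session { bool live; struct tty *tty; };   /* live=false models "freed" */
struct tty     { struct session *session; };      /* back-pointer to the session */

/* Acquire a controlling terminal: link both directions. */
static void attach(struct session *s, struct tty *t) {
    s->live = true; s->tty = t; t->session = s;
}

/* Buggy detach: drops the forward link only; the back-pointer survives. */
static void notty_buggy(struct session *s) { s->tty = NULL; }

/* Corrected detach: clear the back-pointer, then drop the forward link. */
static void notty_fixed(struct session *s) {
    if (s->tty != NULL && s->tty->session == s)
        s->tty->session = NULL;
    s->tty = NULL;
}

/* Process exit: cleanup finds the terminal only via the forward link
 * (assumption of this model), then the session is released. */
static void session_exit(struct session *s) {
    if (s->tty != NULL) s->tty->session = NULL;
    s->live = false;   /* stands in for free(); nothing is actually freed */
}

/* Invariant: a terminal must never point at a released session. */
static bool tty_is_dangling(const struct tty *t) {
    return t->session != NULL && !t->session->live;
}

/* Detach, then exit; report whether the terminal is left dangling. */
static bool run(void (*detach)(struct session *)) {
    struct session s; struct tty t;
    attach(&s, &t);
    detach(&s);
    session_exit(&s);
    return tty_is_dangling(&t);
}

int main(void) {
    /* Exit status 0 when the buggy path dangles and the fixed path does not. */
    return (run(notty_buggy) && !run(notty_fixed)) ? 0 : 1;
}
```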
Exploitation of this vulnerability allows a process to escalate privileges to root.
Users can upgrade to a supported FreeBSD stable or release branch dated after the correction date and reboot the system. Instructions for updating via the pkg utility, freebsd-update utility, or by applying a source code patch are available in the FreeBSD Security Advisory.