CVE-2026-5398

CVE-2026-5398 : A kernel use-after-free in the TIOCNOTTY handler allows a malicious process to abuse a dangling back-pointer from the controlling terminal to the caller’s session to gain root privileges. Affects FreeBSD kernel (tty subsystem) across multiple branches; the issue arises because the...

CVE-2026-5398 Kernel use-after-free bug in the TIOCNOTTY handler

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory. A malicious process can abuse the...

EUVD-2026-24589

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory. A malicious process can abuse the...

PT-2026-34416

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt add adv patterns monitor complete This fixes the condition checking so mgmt pending valid is executed whenever status != -ECANCELED otherwise calling mgmt pending freecmd would kfreec...

FreeBSD : FreeBSD -- Kernel use-after-free bug in the TIOCNOTTY handler (971b5528-3def-11f1-bb07-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 971b5528-3def-11f1-bb07-bc241121aa0a advisory. The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the...

PT-2026-34241

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The implementation of TIOCNOTTY fails to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the...

FreeBSD 资源管理错误漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a resource management vulnerability in FreeBSD, which stems from the TIOCNOTTY implementation failing to clear the pointer pointing to the control terminal structure of the calling process. This could allow...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012951)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012951 advisory. In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect Garbage collector does not take into accoun...

FreeBSD Security Advisory - FreeBSD-SA-26:10.tty

FreeBSD Security Advisory - The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory. A...

CVE-2026-26399

A stack-use-after-return issue exists in the ArduinoCoreSTM32 library prior to version 1.7.0. The pwmstart function allocates a TIMHandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function...

Linux Distros Unpatched Vulnerability : CVE-2026-6068

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NASM contains a heap use after free vulnerability in response file -@ processing where a dangling pointer to freed memory is stored in the global dependfile and...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007286)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007286 advisory. In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect Garbage collector does not take into accoun...

PSF-0000-CVE-2026-6100

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

EUVD-2026-21380

NASM contains a heap use after free vulnerability in response file -@ processing where a dangling pointer to freed memory is stored in the global dependfile and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the response file processing due to a dangling pointer to freed memory being stored in the global dependfile and later dereferenced after the response-file buffer is freed. An attacker can cause data corruption or...

DEBIAN-CVE-2026-6068

NASM contains a heap use after free vulnerability in response file -@ processing where a dangling pointer to freed memory is stored in the global dependfile and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code executi...

UBUNTU-CVE-2026-6068

NASM contains a heap use after free vulnerability in response file -@ processing where a dangling pointer to freed memory is stored in the global dependfile and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code executi...

CVE-2026-6068

CVE-2026-6068 affects NASM. A heap-use-after-free in response file processing (-@) stores a dangling pointer to freed memory in the global depend_file, which is later dereferenced after the response-file buffer is freed. This can cause data corruption and, per sources, may enable remote code exec...

CVE-2026-6068 CVE-2026-6068

NASM contains a heap use after free vulnerability in response file -@ processing where a dangling pointer to freed memory is stored in the global dependfile and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code executi...

PT-2026-31918

Name of the Vulnerable Software and Affected Versions NASM affected versions not specified Description A heap use after free issue exists during response file -@ processing. A dangling pointer to freed memory is stored in the global depend file and subsequently dereferenced because the...