CVE-2026-0137
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk0th percentile - higher than 0% of all known CVEs
Summary
In the function edgetpu_sync_fence_group_shutdown() in the file edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege requiring system execution privileges.
Risk Assessment
This vulnerability could allow an attacker to gain higher privileges on the system, posing a serious security threat to the organization.
Recommendation
It is recommended to update the software to the latest version to mitigate this vulnerability and to monitor systems for unauthorized activities.
Original NVD description (English source)
In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

