CVE Catalog

CVE-2026-0137

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.07%

0th percentile - higher than 0% of all known CVEs

Summary

In the function edgetpu_sync_fence_group_shutdown() in the file edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege requiring system execution privileges.

Risk Assessment

This vulnerability could allow an attacker to gain higher privileges on the system, posing a serious security threat to the organization.

Recommendation

It is recommended to update the software to the latest version to mitigate this vulnerability and to monitor systems for unauthorized activities.

Original NVD description (English source)

In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS