Skip to main content

Echo Mate EUVDEUVD-2026-14704

| CVE-2026-4737 HIGH
Use After Free (CWE-416)
2026-03-24 GovTech CSG GHSA-9ggv-h22v-vfqv
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
N

Lifecycle Timeline

4
EUVD ID Assigned
Mar 24, 2026 - 03:30 euvd
EUVD-2026-14704
Analysis Generated
Mar 24, 2026 - 03:30 vuln.today
Patch released
Mar 24, 2026 - 03:30 nvd
Patch available
CVE Published
Mar 24, 2026 - 03:16 nvd
HIGH 7.3

DescriptionCVE.org

Use After Free vulnerability in No-Chicken Echo-Mate (‎SDK/rv1106-sdk/sysdrv/source/kernel/mm modules). This vulnerability is associated with program files rmap.C‎.

This issue affects Echo-Mate: before V250329.

AnalysisAI

A Use After Free vulnerability exists in the No-Chicken Echo-Mate SDK, specifically within the kernel memory management modules (rmap.C file), that can lead to denial of service and memory corruption. This vulnerability affects Echo-Mate versions prior to V250329 and has been reported by GovTech CSG. An attacker exploiting this flaw could trigger a crash or potentially achieve code execution through memory corruption, though the specific attack vector complexity remains dependent on the exposure of the affected kernel module.

Technical ContextAI

The vulnerability is classified as CWE-416 (Use After Free), a memory safety issue where the application continues to use a pointer after the memory it references has been freed. The affected component resides in the kernel memory management subsystem (mm modules) of the rv1106-sdk within Echo-Mate, specifically in the rmap.C file which handles reverse mapping of memory pages in the Linux kernel. The rv1106 appears to be a system-on-chip (SoC) platform, and this vulnerability affects the SDK provided by No-Chicken. Use-after-free in kernel memory management is particularly severe because it can corrupt kernel data structures, leading to privilege escalation, information disclosure, or denial of service.

RemediationAI

Upgrade No-Chicken Echo-Mate to version V250329 or later to resolve this vulnerability. The patch is available from the vendor's GitHub repository (https://github.com/No-Chicken/Echo-Mate/pull/9). For organizations unable to patch immediately, implement network segmentation to restrict access to systems running affected Echo-Mate instances, disable or isolate the kernel memory management features if they are not essential to core functionality, and monitor system logs for crashes or memory corruption indicators. Ensure that systems are kept up to date with the latest security patches from the kernel vendor as well, as kernel-level protections (such as SMEP, SMAP, or CFI) may help mitigate exploitation attempts.

Share

EUVD-2026-14704 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy