Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber
Lifecycle Timeline
4DescriptionCVE.org
Use After Free vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/mm modules). This vulnerability is associated with program files rmap.C.
This issue affects Echo-Mate: before V250329.
AnalysisAI
A Use After Free vulnerability exists in the No-Chicken Echo-Mate SDK, specifically within the kernel memory management modules (rmap.C file), that can lead to denial of service and memory corruption. This vulnerability affects Echo-Mate versions prior to V250329 and has been reported by GovTech CSG. An attacker exploiting this flaw could trigger a crash or potentially achieve code execution through memory corruption, though the specific attack vector complexity remains dependent on the exposure of the affected kernel module.
Technical ContextAI
The vulnerability is classified as CWE-416 (Use After Free), a memory safety issue where the application continues to use a pointer after the memory it references has been freed. The affected component resides in the kernel memory management subsystem (mm modules) of the rv1106-sdk within Echo-Mate, specifically in the rmap.C file which handles reverse mapping of memory pages in the Linux kernel. The rv1106 appears to be a system-on-chip (SoC) platform, and this vulnerability affects the SDK provided by No-Chicken. Use-after-free in kernel memory management is particularly severe because it can corrupt kernel data structures, leading to privilege escalation, information disclosure, or denial of service.
RemediationAI
Upgrade No-Chicken Echo-Mate to version V250329 or later to resolve this vulnerability. The patch is available from the vendor's GitHub repository (https://github.com/No-Chicken/Echo-Mate/pull/9). For organizations unable to patch immediately, implement network segmentation to restrict access to systems running affected Echo-Mate instances, disable or isolate the kernel memory management features if they are not essential to core functionality, and monitor system logs for crashes or memory corruption indicators. Ensure that systems are kept up to date with the latest security patches from the kernel vendor as well, as kernel-level protections (such as SMEP, SMAP, or CFI) may help mitigate exploitation attempts.
Improper handling of values in the netfilter modules of Echo-Mate SDK versions before V250329 allows local attackers wit
A Use After Free (UAF) vulnerability exists in No-Chicken Echo-Mate prior to version V250329, allowing an attacker with
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14704
GHSA-9ggv-h22v-vfqv