CVE-2026-4737
Received Received - Intake
Use-After-Free in Echo-Mate Kernel Module Risks Memory Corruption

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description
Use After Free vulnerability in No-Chicken Echo-Mate (β€ŽSDK/rv1106-sdk/sysdrv/source/kernel/mm modules). This vulnerability is associated with program files rmap.Cβ€Ž. This issue affects Echo-Mate: before V250329.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4737
EUVD
EUVD-2026-14704
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
no-chicken echo-mate to 250329 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-4737 is a Use After Free vulnerability found in the Echo-Mate project, specifically in the cloned kernel code within the function anon_vma->degree located in the file SDK/rv1106-sdk/sysdrv/source/kernel/mm/rmap.c.

This vulnerability originated because the Echo-Mate code was cloned from the Linux kernel but missed a critical security patch that had been applied upstream. The missing patch led to improper handling of anon_vma->degree, which could be exploited.

The issue was fixed by backporting the security patch from the original Linux kernel (commit 2555283), eliminating the security risk.

Impact Analysis

This Use After Free vulnerability can lead to potential exploitation of the Echo-Mate system, possibly allowing an attacker with limited privileges to cause memory corruption or execute arbitrary code.

Given the CVSS base score of 7.3, the vulnerability is considered high severity, indicating a significant risk if exploited.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the CVE-2026-4737 vulnerability, you should apply the security patch that fixes the use-after-free issue in the anon_vma->degree function within the Echo-Mate kernel code.

This patch is based on the upstream Linux kernel commit 2555283 and was backported to Echo-Mate in a pull request merged on November 30, 2025.

Updating your Echo-Mate installation to a version including this patch (i.e., version V250329 or later) will eliminate the security risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4737. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart