CVE-2026-0137
Description
A use-after-free in edgetpu_sync_fence_group_shutdown() allows local escalation of privilege on Pixel devices.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability is a use-after-free in the function edgetpu_sync_fence_group_shutdown() within the file edgetpu-dmabuf.c, part of the Edge TPU driver for Pixel devices. It occurs when a sync fence group is shut down, at which point freed memory may be accessed. Affected versions are those prior to the June 2026 security patch level (2026-06-05) on supported Pixel devices [1].
Exploitation
An attacker requires System execution privileges (e.g., a system app or process) to trigger the vulnerable code path. No user interaction is needed. The attacker can cause the use-after-free condition by manipulating sync fence group operations, leading to memory corruption.
Impact
Successful exploitation leads to local escalation of privilege within the kernel context. The attacker can gain elevated privileges, potentially achieving arbitrary code execution in the kernel.
Mitigation
Google released a fix as part of the June 2026 Pixel Update Bulletin, with security patch level 2026-06-05. Users should update their Pixel devices to this patch level or later [1].
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.