Impact
An integer overflow in the ExecuteGraph command handler of EdgeTPU firmware can result in an out‑of‑bounds write that elevates a local process to root privileges. The exploit does not require any user interaction or special conditions beyond the ability to issue the ExecuteGraph command, which means that any malicious application or code running on the device could potentially trigger it.
Affected Systems
All Google Android devices that include EdgeTPU firmware. No specific model or firmware version is listed, so the vulnerability may affect current and future EdgeTPU releases until the issue is patched.
Risk and Exploitability
The scoring reflects a high severity with a CVSS score of 7.8 and a very low EPSS of less than 1 %. The vulnerability is not yet listed in CISA's KEV catalog. Because the flaw allows an out‑of‑bounds write that results in privilege escalation, an attacker with local code execution can gain root authority without needing to interact with a user interface. The lack of user interaction and the local nature of the flaw mean that any privileged permissions granted to applications that can communicate with the EdgeTPU firmware could be abused to carry out the exploit.
OpenCVE Enrichment