Linuxfoundation

Automotive Grade Linux

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.14%
  • Veröffentlicht 01.05.2026 00:00:00
  • Zuletzt bearbeitet 18.05.2026 17:09:43

AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitly nullifies the request credentials by calling afb_...

  • EPSS 0.12%
  • Veröffentlicht 01.05.2026 00:00:00
  • Zuletzt bearbeitet 18.05.2026 17:10:29

AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervi...

  • EPSS 0.4%
  • Veröffentlicht 01.05.2026 00:00:00
  • Zuletzt bearbeitet 20.05.2026 15:25:15

AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_...

  • EPSS 0.71%
  • Veröffentlicht 01.05.2026 00:00:00
  • Zuletzt bearbeitet 18.05.2026 17:12:36

AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names bu...

  • EPSS 0.23%
  • Veröffentlicht 01.05.2026 00:00:00
  • Zuletzt bearbeitet 15.05.2026 15:38:17

AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding va...