High severity7.5NVD Advisory· Published May 1, 2026· Updated May 20, 2026
CVE-2026-37530
CVE-2026-37530
Description
AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 bytes), resulting in 1-4 bytes of controlled stack overflow. The payload_length field (uint8_t) has no bounds check against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries, this can lead to return address overwrite and RCE.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:o:linuxfoundation:automotive_grade_linux:*:*:*:*:*:*:*:*Range: <=17.1.12
- Range: <=17.1.12
Patches
Vulnerability mechanics
References
2- gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643nvdThird Party Advisory
- gerrit.automotivelinux.org/gerrit/apps/agl-service-can-low-levelnvdBroken Link
News mentions
0No linked articles in our index yet.