VYPR

Automotive Grade Linux

by Linux Foundation

CVEs (4)

  • CVE-2026-37526HigMay 1, 2026
    risk 0.51cvss 7.8epss 0.00

    AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The…

  • CVE-2026-37530HigMay 1, 2026
    risk 0.49cvss 7.5epss 0.00

    AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy…

  • CVE-2026-37532HigMay 1, 2026
    risk 0.46cvss 7.1epss 0.00

    AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a…

  • CVE-2022-24595Mar 18, 2022
    risk 0.00cvss epss 0.02

    Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened by the…