Linuxfoundation Automotive_grade_linux
6 CVEs affecting Linuxfoundation Automotive_grade_linux. Latest disclosed: 2026-05-01. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-37531 | Critical | 9.8 | 2026-05-01 | AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget ins… |
| CVE-2026-37526 | High | 7.8 | 2026-05-01 | AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, De… |
| CVE-2026-37525 | High | 7.8 | 2026-05-01 | AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call fun… |
| CVE-2026-37530 | High | 7.5 | 2026-05-01 | AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-b… |
| CVE-2022-48363 | High | 7.5 | 2023-02-26 | In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving… |
| CVE-2026-37532 | High | 7.1 | 2026-05-01 | AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_le… |