CVE-2026-37530

HIGH EPSS 32.0%

Published May 1, 20261mo ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published May 1, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 bytes), resulting in 1-4 bytes of controlled stack overflow. The payload_length field (uint8_t) has no bounds check against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries, this can lead to return address overwrite and RCE.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

32.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-121

Affected Products 1

Vendor	Product	Version	Range
linuxfoundation	automotive_grade_linux	*	≤17.1.12

References 2

gerrit.automotivelinux.org https://gerrit.automotivelinux.org/gerrit/apps/agl-service-can-low-level

Broken Link
gist.github.com https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.