HIGH
Automotive Grade Linux
CVE published 2026-05-01
CVE-2026-37530
CVE-2026-37530 describes a stack-based buffer overflow in Automotive Grade Linux (AGL) agl-service-can-low-level, through version 17.1.12, inside the uds-c library. The issue is in send_diagnostic_request in uds.c, where a 6-byte stack buffer can be overrun by a memcpy path that may copy up to 7 bytes at an offset derived from pid_length. NVD assigns CVSS 7.5 (HIGH) and maps the weakness to CWE-121. Becau [truncated]
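The length check this kind of copy needs, as an added C sketch that is not code from uds-c or AGL. The struct, `build_frame`, the one-byte mode prefix before the PID, the two-byte PID limit and the sample values are assumptions; only the 6-byte buffer and 7-byte copy length come from the description above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_BUF_SIZE  6  /* stack buffer size given in the description */
#define MAX_REQ_PAYLOAD 7  /* largest copy length given in the description */
#define PID_OFFSET      1  /* assumption: one mode byte precedes the PID */

/* Hypothetical request layout; field names are illustrative only. */
struct diag_request {
    uint8_t  mode;
    uint8_t  pid_length;               /* PID width in bytes (assumed 0..2) */
    uint16_t pid;
    uint8_t  payload[MAX_REQ_PAYLOAD];
    uint8_t  payload_length;
};

/* Writes mode | PID | payload into out. Returns the frame length,
 * or -1 when offset + payload_length would not fit in out_size. */
int build_frame(const struct diag_request *req, uint8_t *out, size_t out_size)
{
    if (req->pid_length > 2 || req->payload_length > MAX_REQ_PAYLOAD)
        return -1;
    size_t offset = PID_OFFSET + (size_t)req->pid_length;
    size_t total  = offset + req->payload_length;
    if (total > out_size)              /* the check before any write */
        return -1;
    memset(out, 0, out_size);
    out[0] = req->mode;
    for (size_t i = 0; i < req->pid_length; i++)   /* big-endian PID bytes */
        out[PID_OFFSET + i] =
            (uint8_t)(req->pid >> (8 * (req->pid_length - 1 - i)));
    memcpy(out + offset, req->payload, req->payload_length);
    return (int)total;
}

int main(void)
{
    uint8_t frame[FRAME_BUF_SIZE];
    /* Constructed sample request, not taken from the advisory. */
    struct diag_request req = { .mode = 0x22, .pid_length = 2, .pid = 0xF190,
                                .payload = {0xAA, 0xBB}, .payload_length = 2 };
    printf("fits: %d\n", build_frame(&req, frame, sizeof frame));
    req.payload_length = 7;            /* 1 + 2 + 7 = 10 bytes, exceeds 6 */
    printf("oversized: %d\n", build_frame(&req, frame, sizeof frame));
    return 0;
}
```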