Impact
The vulnerability is a stack buffer overflow in the uds-c library used by the AGL agl-service-can-low-level binding. When building a diagnostic request, the send_diagnostic_request function copies the request payload into a 6‑byte stack buffer using the caller-supplied payload_length field, which is never checked against the size of the destination. A request carrying up to seven bytes of payload is accepted, so between one and four bytes are written past the end of the buffer, and because payload_length is unchecked the attacker controls how far the write extends. On 32‑bit ARM automotive ECUs built without stack canaries, an overflow that reaches the saved return address (whether it does depends on the compiler's frame layout) can redirect execution and run arbitrary code. The impact is a remote code execution capability on the affected ECU.
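To make the failure concrete, the following C is an added example and not uds-c or AGL code. It models the request-building step described above with a 6-byte stack buffer, shows the unchecked copy next to a version that rejects oversized payloads before copying, and computes how many bytes an unchecked copy would spill. The frame layout (mode byte first, then pid_length PID bytes, then the payload), the DiagRequest struct and the function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not uds-c code. Layout is an assumption of this example:
 * byte 0 = mode/service id, then pid_length PID bytes, then the payload. */
#define REQ_BUF_SIZE 6

typedef struct {
    uint8_t mode;
    uint8_t pid[2];
    uint8_t pid_length;     /* 0, 1 or 2 */
    uint8_t payload[8];     /* bytes handed to us by the caller */
    uint8_t payload_length; /* attacker-influenced; the vulnerable path never validates it */
} DiagRequest;

/* Number of bytes an unchecked copy writes past the 6-byte buffer (0 = fits). */
int overflow_bytes(const DiagRequest *r) {
    int total = 1 + r->pid_length + r->payload_length;
    return total > REQ_BUF_SIZE ? total - REQ_BUF_SIZE : 0;
}

/* Vulnerable shape: trusts payload_length. Only safe to call when
 * overflow_bytes(r) == 0; anything larger writes past buf on the stack. */
int build_request_unchecked(const DiagRequest *r, uint8_t *out) {
    uint8_t buf[REQ_BUF_SIZE] = {0};
    buf[0] = r->mode;
    memcpy(&buf[1], r->pid, r->pid_length);
    memcpy(&buf[1 + r->pid_length], r->payload, r->payload_length); /* no bound check */
    int len = 1 + r->pid_length + r->payload_length;
    memcpy(out, buf, len);
    return len;
}

/* Hardened shape: reject before any byte is copied. Returns frame length or -1. */
int build_request_checked(const DiagRequest *r, uint8_t *out) {
    uint8_t buf[REQ_BUF_SIZE] = {0};
    if (r->pid_length > 2)
        return -1;
    size_t offset = 1 + r->pid_length;
    if (r->payload_length > REQ_BUF_SIZE - offset)   /* would overflow buf */
        return -1;
    buf[0] = r->mode;
    memcpy(&buf[1], r->pid, r->pid_length);
    memcpy(&buf[offset], r->payload, r->payload_length);
    memcpy(out, buf, offset + r->payload_length);
    return (int)(offset + r->payload_length);
}

int main(void) {
    /* Constructed inputs: a request that fits, and one with the maximum
     * seven-byte payload behind a two-byte PID. */
    DiagRequest ok  = { .mode = 0x22, .pid = {0xF1, 0x90}, .pid_length = 2,
                        .payload = {1, 2, 3}, .payload_length = 3 };
    DiagRequest bad = { .mode = 0x2E, .pid = {0xF1, 0x90}, .pid_length = 2,
                        .payload = {1, 2, 3, 4, 5, 6, 7}, .payload_length = 7 };
    uint8_t out[16];
    printf("ok: spill=%d checked=%d\n", overflow_bytes(&ok), build_request_checked(&ok, out));
    printf("bad: spill=%d checked=%d (unchecked copy would smash the stack)\n",
           overflow_bytes(&bad), build_request_checked(&bad, out));
    return 0;
}
```

The checked builder rejects the request before touching the buffer, which is the shape of fix a reviewer would expect: validate payload_length against the space left after the mode and PID bytes, not after the copy.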
Affected Systems
The flaw resides in the agl-service-can-low-level component of Automotive Grade Linux, specifically in the bundled uds-c library. No specific product version information is provided; any AGL installation that includes a uds-c build lacking the bounds check should be treated as affected. The overflow itself is architecture-independent; the code-execution assessment above applies to 32‑bit ARM automotive ECUs running the AGL stack without stack protection.
Risk and Exploitability
Because triggering the flaw requires a crafted CAN diagnostic message, the likely attack vector is the CAN bus interface, which normally requires local or proximate access to the vehicle network (a physical connection to the bus, or a node already on it that the attacker controls). No EPSS score is available and the vulnerability is not listed in CISA’s KEV catalog, but the CVSS base score of 7.5 together with the ability to overwrite a return address places it at high severity. An attacker who can deliver the malicious message can take control of execution on the ECU, running arbitrary code and disabling or modifying vehicle functions.
OpenCVE Enrichment