CVE-2022-24595

Name of the Vulnerable Software and Affected Versions Automotive Grade Linux Kooky Koi versions 11.0.0 through 11.0.5

Description The issue is related to Incorrect Access Control in usr/bin/afb-daemon. To exploit this, an attacker needs to send a well-crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process. No credentials or user interactions are required.

Recommendations For versions 11.0.0 through 11.0.5, consider restricting access to the afb-daemon process to minimize the risk of exploitation. As a temporary workaround, consider disabling the afb-daemon process until a patch is available. Avoid using the afb-daemon socket in the affected setup until the issue is resolved.