PT-2024-13255 · Unknown · Ailux Imx6 Bundle

Andrea Palanca · Published 2024-03-05 · Updated 2024-03-05 · CVE-2023-45591

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2

Description: A heap-based buffer overflow vulnerability in the logger generic function of the Ax rtu binary allows a remote authenticated attacker to trigger memory corruption. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitrary code with the same privileges as the process (root), or in other unspecified impacts on the device.

Recommendations: For AiLux imx6 bundle versions prior to imx6 1.0.7-2, update to version imx6 1.0.7-2 or later to resolve the issue. As a temporary workaround, consider disabling the logger generic function in the Ax rtu binary until a patch is available. Restrict access to the Ax rtu binary to minimize the risk of exploitation.

Fix

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2023-45591

Affected Products: Ailux Imx6 Bundle