PT-2024-13256 · Google · Chromium-Browser

Andrea Palanca · Published 2024-03-05 · Updated 2024-03-05 · CVE-2023-45592

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AiLux imx6 bundle versions prior to imx6 1.0.7-2

Description

A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser exacerbates the impacts of successful attacks executed against the browser. This issue is due to the binary being executed with the “--no-sandbox” option and with root privileges.

Recommendations

For AiLux imx6 bundle versions prior to imx6 1.0.7-2, update to version imx6 1.0.7-2 or later to resolve the issue. As a temporary workaround, consider disabling the execution of the Chromium browser with the “--no-sandbox” option and root privileges until a patch is available. Restrict access to the embedded Chromium browser to minimize the risk of exploitation.
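
The following audit is an added example, not part of the original advisory or the vendor's code. It walks a Linux /proc tree and reports browser processes that run with effective UID 0 or carry the “--no-sandbox” option, the two conditions named in the description. The names in BROWSER_NAMES are assumptions; set them to the executable name used on the device.

```python
import os

# Assumed executable names; adjust to the binary shipped on the device.
BROWSER_NAMES = ("chromium", "chromium-browser", "chrome")

def read_process(proc_root, pid):
    """Return (argv, effective_uid) for a PID, or None if it is unreadable."""
    base = os.path.join(proc_root, pid)
    try:
        with open(os.path.join(base, "cmdline"), "rb") as f:
            # Arguments are NUL-separated, but Chromium child processes may
            # rewrite their title as one space-joined string: split on both.
            # (Paths containing spaces are not handled by this simple split.)
            raw = f.read().replace(b"\0", b" ")
        argv = [a.decode(errors="replace") for a in raw.split()]
        with open(os.path.join(base, "status")) as f:
            for line in f:
                if line.startswith("Uid:"):
                    # Fields after the label: real, effective, saved, filesystem
                    return argv, int(line.split()[2])
    except (OSError, ValueError, IndexError):
        pass  # process exited mid-scan or access was denied
    return None

def audit(proc_root="/proc"):
    """List (pid, executable, issues) for browser processes with either flaw."""
    findings = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        proc = read_process(proc_root, pid)
        if not proc or not proc[0]:
            continue  # unreadable, or a kernel thread with an empty cmdline
        argv, euid = proc
        if os.path.basename(argv[0]) not in BROWSER_NAMES:
            continue
        issues = []
        if euid == 0:
            issues.append("runs as root")
        if "--no-sandbox" in argv[1:]:
            issues.append("--no-sandbox")
        if issues:
            findings.append((int(pid), argv[0], issues))
    return findings

if __name__ == "__main__":
    for pid, exe, issues in audit():
        print(f"PID {pid} {exe}: {', '.join(issues)}")
```

An empty result after applying the update or the workaround indicates that no matching browser process is still running unsandboxed or as root at the time of the scan.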

Related Identifiers

CVE-2023-45592

Affected Products

Chromium-Browser