CVE-2026-37526 Overview
CVE-2026-37526 affects the Automotive Grade Linux (AGL) app-framework-binder daemon (afb-daemon) through version 19.90.0. The daemon exposes a privileged supervision channel over an abstract Unix socket at @urn:AGL:afs:supervision:socket. Any local process in the same network namespace can connect to that socket and issue supervision commands without authentication: the on_supervision_call function in src/afb-supervision.c dispatches all eight commands without verifying caller credentials. Abstract Unix sockets are not filesystem objects and therefore carry no Discretionary Access Control (DAC), a limitation acknowledged in the CAUTION comment in src/afs-supervision.h. The flaw maps to CWE-284 (Improper Access Control).
Critical Impact
A low-privileged local process can terminate the daemon, invoke arbitrary API calls, close active user sessions, and exfiltrate the entire global configuration.
Affected Products
- AGL app-framework-binder (afb-daemon) through v19.90.0
- Automotive Grade Linux distributions bundling afb-daemon
- Any in-vehicle infotainment platform integrating the affected supervision interface
Discovery Timeline
- 2026-05-01 - CVE-2026-37526 published to NVD
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2026-37526
Vulnerability Analysis
The afb-daemon supervision interface listens on an abstract namespace Unix socket identified by @urn:AGL:afs:supervision:socket. Abstract sockets bypass the filesystem and therefore inherit no file permissions, ownership, or access control list checks. Linux exposes them to every process inside the same network namespace. The on_supervision_call function reads incoming protocol messages and dispatches them to handlers for the eight supervision commands: Exit, Do, Sclose, Config, Trace, Debug, Token, and slist.
None of these handlers consult SO_PEERCRED, SO_PEERSEC, or any other peer credential mechanism before acting. A local attacker can therefore send Exit to terminate the daemon and cause denial of service. The Do command lets the attacker invoke any registered binder API with arbitrary parameters. The Sclose command forcibly closes legitimate user sessions, while Config returns the full daemon configuration including secrets and routing data. The Trace and Debug commands enable runtime instrumentation that can leak request payloads.
Root Cause
The supervision channel was added in commit b8c9d5de384efcfa53ebdb3f0053d7b3723777e1 on 2017-06-29. The design relied on the abstract socket namespace for isolation rather than on credential checks. Because abstract sockets ignore filesystem DAC, every local UID can connect.
Attack Vector
Exploitation requires only local code execution as any user. The attacker opens an AF_UNIX SOCK_STREAM connection to the abstract address \0urn:AGL:afs:supervision:socket, sends a framed supervision command, and reads the response. No authentication handshake or token exchange occurs. Public proof-of-concept code is referenced in a GitHub gist (listed as Exploit Code); it is not reproduced here, and the vulnerability is described in prose only.
See the linked gist and the source tree at the Automotive Linux Code Repository for technical detail.
Detection Methods for CVE-2026-37526
Indicators of Compromise
- Unexpected connect() syscalls from non-system UIDs targeting the abstract path @urn:AGL:afs:supervision:socket
- Unscheduled restarts or crashes of afb-daemon consistent with receipt of an Exit supervision command
- Audit log entries showing API invocations that did not originate from a registered binder client
- Sudden termination of active user sessions tracked by afb-daemon outside of normal logout flows
Detection Strategies
- Enable Linux audit rules on the connect syscall; auditctl cannot filter on the socket name itself, so match the accompanying SOCKADDR record, whose saddr field holds the raw sockaddr as hex (the AF_UNIX family bytes, a 00 marker byte, then the abstract name), and correlate with the SYSCALL record of the same event for uid, auid and exe
- Monitor afb-daemon stderr and journal output for supervision command dispatch entries correlated with non-binder client PIDs
- Use eBPF tracing on the unix_stream_connect kernel function to record peer UID, GID, and executable path for connections to the supervision socket
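To make the audit-based strategy concrete, the decoder below, added here as an example and not taken from any AGL or auditd tooling, parses the saddr= field of auditd SOCKADDR records and flags connect() calls whose target is the abstract supervision socket. The sample records are constructed for this page, not captured from a vehicle; the function names are illustrative.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Abstract name of the supervision socket, without its leading NUL byte. */
#define SUPERVISION_NAME "urn:AGL:afs:supervision:socket"

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode the hex string auditd writes after saddr= in a SOCKADDR record.
 * It is the raw struct sockaddr passed to connect(), exactly addrlen bytes.
 * Returns the decoded length, or -1 on a malformed or oversized field. */
int decode_saddr(const char *hex, unsigned char *out, size_t outlen) {
    size_t n = 0;
    while (hex[2 * n] != '\0' && hex[2 * n] != ' ' && hex[2 * n] != '\n') {
        int hi = hexval(hex[2 * n]), lo = hexval(hex[2 * n + 1]);
        if (hi < 0 || lo < 0 || n >= outlen) return -1;
        out[n++] = (unsigned char)((hi << 4) | lo);
    }
    return (int)n;
}

/* 1 if the raw sockaddr is an AF_UNIX abstract-namespace address whose name
 * is exactly `name`. Abstract names are length-delimited (a connect() with a
 * padded addrlen yields a name with trailing NULs), so the whole remaining
 * length is compared rather than a strlen() of the path. */
int saddr_is_abstract(const unsigned char *sa, size_t len, const char *name) {
    sa_family_t family;
    if (len < sizeof family + 2) return 0;      /* family, NUL marker, >= 1 byte */
    memcpy(&family, sa, sizeof family);         /* host byte order, as the kernel wrote it */
    if (family != AF_UNIX) return 0;
    const unsigned char *path = sa + sizeof family;
    size_t pathlen = len - sizeof family;
    if (path[0] != '\0') return 0;              /* filesystem path, not abstract */
    return pathlen - 1 == strlen(name) && memcmp(path + 1, name, pathlen - 1) == 0;
}

/* 1 if an audit line is a SOCKADDR record aimed at the supervision socket. */
int line_targets_supervision_socket(const char *line) {
    const char *p = strstr(line, "saddr=");
    if (p == NULL) return 0;
    unsigned char buf[128];                     /* sizeof(struct sockaddr_un) is 110 */
    int n = decode_saddr(p + 6, buf, sizeof buf);
    return n > 0 && saddr_is_abstract(buf, (size_t)n, SUPERVISION_NAME);
}

int count_supervision_hits(const char *const *lines, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += line_targets_supervision_socket(lines[i]);
    return hits;
}

/* Constructed sample records (not real captures): an abstract connect to the
 * supervision socket, a filesystem-path connect to /tmp/other.sock, and an
 * AF_INET connect to 127.0.0.1:80. */
const char *SAMPLE_LINES[] = {
    "type=SOCKADDR msg=audit(1777600000.101:2001): saddr=01000075726E3A41474C3A6166733A7375706572766973696F6E3A736F636B6574",
    "type=SOCKADDR msg=audit(1777600000.102:2002): saddr=01002F746D702F6F746865722E736F636B00",
    "type=SOCKADDR msg=audit(1777600000.103:2003): saddr=020000507F0000010000000000000000",
};

int main(void) {
    size_t n = sizeof SAMPLE_LINES / sizeof SAMPLE_LINES[0];
    for (size_t i = 0; i < n; i++)
        printf("%s -> %s\n", SAMPLE_LINES[i],
               line_targets_supervision_socket(SAMPLE_LINES[i]) ? "SUPERVISION SOCKET" : "other");
    printf("%d of %zu records hit the supervision socket\n",
           count_supervision_hits(SAMPLE_LINES, n), n);
    return 0;
}
```

An auditctl rule of the form `-a always,exit -F arch=b64 -S connect -k afb_supervision` produces the SOCKADDR records the decoder consumes; the SYSCALL record sharing the same event id supplies the uid, auid and exe needed to decide whether the connecting process is the expected supervisor.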
Monitoring Recommendations
- Forward afb-daemon logs and host audit data to a centralized analytics platform for anomaly review
- Alert on any process other than the expected supervisor binary connecting to @urn:AGL:afs:supervision:socket
- Baseline normal supervision command volume and rate so that bursts of Do, Config, or Sclose activity trigger investigation
How to Mitigate CVE-2026-37526
Immediate Actions Required
- Upgrade afb-daemon to a fixed release once the AGL project publishes one tracking this CVE
- Restrict local accounts and untrusted application sandboxes on systems running affected afb-daemon versions
- Audit any third-party binder clients to confirm they do not require the supervision channel for normal operation
- Disable the supervision interface in production builds where it is not required for diagnostics
Patch Information
No vendor advisory URL is listed in the NVD record at publication. Track upstream changes through the Automotive Linux Code Repository for commits that add credential verification to on_supervision_call or replace the abstract socket with a filesystem-bound socket protected by DAC.
Workarounds
- Rebuild afb-daemon to bind the supervision socket to a filesystem path with mode 0600 owned by the daemon user instead of using the abstract namespace
- Patch the supervision listener locally to call getsockopt(SOL_SOCKET, SO_PEERCRED) on each accepted connection, before on_supervision_call reads a command, and close peers whose UID is neither the daemon owner nor on an allowlist
- Apply Linux Security Module policy (SELinux or AppArmor) restricting which domains may connect to the abstract supervision socket; such policy only constrains processes that are actually confined, so untrusted applications must run under a profile for it to help
- Run untrusted applications inside network namespaces that do not share the abstract socket namespace with afb-daemon
# Example AppArmor rule fragment denying connection to the supervision socket
deny unix (connect) type=stream peer=(addr="@urn:AGL:afs:supervision:socket"),