CVE-2023-32155

HIGH 7.8

Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute code on the wifi subsystem in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-20733.

CWE	CWE-787
Vendor	tesla
Product	model 3
Published	May 3, 2024
Last Updated	Sep 18, 2024

Stay Ahead of the Next One

Get instant alerts for tesla model 3

Be the first to know when new high vulnerabilities affecting tesla model 3 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Versions

Tesla / Model 3

Model 3 - 2023.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zerodayinitiative.com: https://www.zerodayinitiative.com/advisories/ZDI-23-971/