CVE-2023-32155 HIGH

CVE-2023-32155: Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability

Vendor Tesla
Product Model 3
Weakness CWE-787
Published May 3, 2024
Last update September 18, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute code on the wifi subsystem in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-20733.

Key dates

02Disclosure timeline

May 3, 2024 CVE published
September 18, 2024 Record updated