CVE-2022-42430
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
29/03/2023
Last modified:
08/04/2023
Description
This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:tesla:model_3_firmware:*:*:*:*:*:*:*:* | 2022.28 (excluding) | |
cpe:2.3:h:tesla:model_3:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page