CVE-2022-42430

This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.
References
Link Resource
https://www.zerodayinitiative.com/advisories/ZDI-22-1406/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tesla:model_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tesla:model_3:-:*:*:*:*:*:*:*

History

08 Apr 2023, 01:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:o:tesla:model_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tesla:model_3:-:*:*:*:*:*:*:*
First Time Tesla
Tesla model 3 Firmware
Tesla model 3
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-1406/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-1406/ - Third Party Advisory, VDB Entry

29 Mar 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-29 19:15

Updated : 2023-12-10 15:01


NVD link : CVE-2022-42430

Mitre link : CVE-2022-42430

CVE.ORG link : CVE-2022-42430


JSON object : View

Products Affected

tesla

  • model_3_firmware
  • model_3
CWE
CWE-416

Use After Free