
Tesla ice_updater Time-Of-Check Time-Of-Use Code Execution Vulnerability [CVE-2022-3093]

CVE number – CVE-2022-3093

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root.
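The bug class named in the title, shown as an added example: this is a generic illustration, not code from ice_updater or from Tesla, and the page does not describe the updater's internals. The `ChangingMedia` class, the function names and the sample bytes are constructed, and a SHA-256 digest comparison stands in for whatever validation a real updater performs (an assumption).

```python
import hashlib
import hmac


class ChangingMedia:
    """Constructed stand-in for update storage whose content differs between reads."""

    def __init__(self, *versions):
        self._versions = list(versions)
        self.reads = 0

    def read(self):
        # Return the next version; keep returning the last one once exhausted.
        data = self._versions[min(self.reads, len(self._versions) - 1)]
        self.reads += 1
        return data


def digest_ok(image, expected_hex):
    """Constant-time comparison of the image digest with the expected value."""
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), expected_hex)


def install_check_then_reread(media, expected_hex):
    """Flawed pattern: validates one read, then installs a second read."""
    if not digest_ok(media.read(), expected_hex):  # time of check
        raise ValueError("firmware rejected")
    return media.read()  # time of use: these bytes were never validated


def install_verified_copy(media, expected_hex):
    """Hardened pattern: read once into private memory, validate and use that copy."""
    image = media.read()
    if not digest_ok(image, expected_hex):
        raise ValueError("firmware rejected")
    return image


def demo():
    """Return whether the bytes each pattern would install match the expected digest."""
    good, other = b"constructed firmware v1", b"constructed different bytes"
    expected = hashlib.sha256(good).hexdigest()
    flawed = install_check_then_reread(ChangingMedia(good, other), expected)
    safe = install_verified_copy(ChangingMedia(good, other), expected)
    return digest_ok(flawed, expected), digest_ok(safe, expected)


if __name__ == "__main__":
    print(demo())
```

The flawed function accepts the update even though the installed bytes no longer match the digest it checked; the hardened one can only ever install the bytes it validated.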

This issue was fixed starting in Tesla’s 2022.16.0.3 release.

AFFECTED PRODUCTS: Model 3

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
