EUVD-2022-42522

Malicious code in bioql PyPI...

CVE-2022-3093

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iceupdater update mechanism. The issue results from the lack of proper validation of user-supplied...

Design/Logic Flaw

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iceupdater update mechanism. The issue results from the lack of proper validation of user-supplied...

CVE-2022-3093

The CVE-2022-3093 issue is a Tesla ice_updater firmware-update vulnerability where improper validation of user-supplied firmware allows a physical attacker to execute arbitrary code with root privileges. Multiple sources (ZDI advisory ZDI-22-1188 and Red Hat/CVEs) describe a TOCTOU‑style control ...

(Pwn2Own) Tesla ice_updater Time-Of-Check Time-Of-Use Code Execution Vulnerability

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iceupdater update mechanism. The issue results from the lack of proper validation of user-supplied...