CVE-2022-3093 – Tesla ice_updater Time-Of-Check Time-Of-Use Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2022-3093

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-1188 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •