CVE-2024-6029

Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall service. The issue results from a failure to obtain the xtables lock. An attacker can leverage this vulnerability to bypass firewall rules. Was ZDI-CAN-23197.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability : 1.6 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.zerodayinitiative.com/advisories/ZDI-25-260/

Configurations

No configuration.

History

02 May 2025, 13:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-30 20:15

Updated : 2025-05-02 13:53

NVD link : CVE-2024-6029

Mitre link : CVE-2024-6029

CVE.ORG link : CVE-2024-6029

JSON object : View

Products Affected

No product.

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

5.0 /10