CVE-2024-6029

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6029
Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall service. The issue results from a failure to obtain the xtables lock. An attacker can leverage this vulnerability to bypass firewall rules. Was ZDI-CAN-23197.

5.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability : 1.6 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.zerodayinitiative.com/advisories/ZDI-25-260/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tesla:model_s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tesla:model_s:-:*:*:*:*:*:*:*
History

12 Aug 2025, 15:12

Type Values Removed Values Added
First Time Tesla model S Firmware
Tesla model S
Tesla
References () https://www.zerodayinitiative.com/advisories/ZDI-25-260/ - () https://www.zerodayinitiative.com/advisories/ZDI-25-260/ - Third Party Advisory
CPE cpe:2.3:o:tesla:model_s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tesla:model_s:-:*:*:*:*:*:*:*

02 May 2025, 13:53

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de elusión del firewall en condiciones de ejecución del módem Iris del Tesla Model S. Esta vulnerabilidad permite a atacantes adyacentes a la red eludir el firewall del módem Iris en los vehículos Tesla Model S afectados. No se requiere autenticación para explotar esta vulnerabilidad. La falla específica existe en el servicio de firewall. El problema se debe a un fallo al obtener el bloqueo de xtables. Un atacante puede aprovechar esta vulnerabilidad para eludir las reglas del firewall. Anteriormente, se denominaba ZDI-CAN-23197.

30 Apr 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-30 20:15

Updated : 2025-08-12 15:12

NVD link : CVE-2024-6029

Mitre link : CVE-2024-6029

CVE.ORG link : CVE-2024-6029

JSON object : View

Products Affected

tesla

  • model_s
  • model_s_firmware
CWE
CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition