CVE-2024-6029

MEDIUM

Tesla Model S Firmware < 2024.2.3 - TOCTOU Race Condition

Title source: rule

Description

Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall service. The issue results from a failure to obtain the xtables lock. An attacker can leverage this vulnerability to bypass firewall rules. Was ZDI-CAN-23197.

References (1)

[Third Party Advisory] https://www.zerodayinitiative.com/advisories/ZDI-25-260/

Scores

CVSS v3 5.0

EPSS 0.0006

EPSS Percentile 19.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-367

Status published

Products (1)

tesla/model_s_firmware < 2024.2.3

Published Apr 30, 2025

Tracked Since Feb 18, 2026