Advisory Details

April 30th, 2025

(Pwn2Own) Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability

ZDI-25-260
ZDI-CAN-23197

CVE ID CVE-2024-6029
CVSS SCORE 5.0, AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
AFFECTED VENDORS Tesla
AFFECTED PRODUCTS Model S
VULNERABILITY DETAILS

This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the firewall service. The issue results from a failure to obtain the xtables lock. An attacker can leverage this vulnerability to bypass firewall rules.
ADDITIONAL DETAILS

Fixed in Firmware Version 2024.2.3
DISCLOSURE TIMELINE
  • 2024-02-28 - Vulnerability reported to vendor
  • 2025-04-30 - Coordinated public release of advisory
  • 2025-04-30 - Advisory Updated
CREDIT Synacktiv (@Synacktiv)
BACK TO ADVISORIES