CVE-2022-42431
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-42431
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17544.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tesla 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tesla(特斯拉)是美国特斯拉(Tesla)公司的一款电动汽车。 Tesla Model 3 存在安全漏洞,该漏洞源于 bcmdhd 驱动程序将用户提供的数据复制到缓冲区之前未对其长度进行适当验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2022-42431
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-42431
请登录查看更多情报信息。
Same Patch Batch · Tesla · 2023-03-29 · 3 CVEs total
| CVE-2022-3093 | Tesla 安全漏洞 | |
| CVE-2022-42430 | Tesla 资源管理错误漏洞 |
IV. Related Vulnerabilities
Same product: Model 3
- CVE-2025-6785
Tesla Model 3 Physical CAN Bus Injection - CVE-2025-2082
Tesla Model 3 VCSEC Integer Overflow Remote Code Execution V - CVE-2023-32157
Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbi - CVE-2023-32156
Tesla Model 3 Gateway Firmware Signature Validation Bypass V - CVE-2023-32155
Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Esc
Same vendor: Tesla
- CVE-2025-34251
Tesla Telematics Control Unit (TCU) < v2025.14 Authenticatio - CVE-2025-6785
Tesla Model 3 Physical CAN Bus Injection - CVE-2025-8320
Tesla Wall Connector Content-Length Header Improper Input Va - CVE-2025-8321
Tesla Wall Connector Firmware Downgrade Vulnerability - CVE-2025-2082
Tesla Model 3 VCSEC Integer Overflow Remote Code Execution V
Same weakness: CWE-120
- CVE-2026-8260
D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings - CVE-2026-8137
Totolink X5000R formDdns sub_458E40 buffer overflow - CVE-2026-6691
MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow - CVE-2026-7857
D-Link DI-8100 CGI user_group.asp sprintf buffer overflow - CVE-2026-7856
D-Link DI-8100 Web Management url_member.asp buffer overflow
V. Comments for CVE-2022-42431
No comments yet