CVE-2023-28907
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2025-06-28
Last updated on: 2025-06-30
Assigner: Automotive Security Research Group (ASRG)
Description
Description
There is no memory isolation between CPU cores of the MIB3 infotainment. This fact allows an attacker with access to the main operating system to compromise the CPU core responsible for CAN message processing.
The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists because there is no memory isolation between CPU cores in the MIB3 infotainment system. This allows an attacker who has access to the main operating system to compromise the CPU core that handles CAN message processing.
How can this vulnerability impact me? :
An attacker with access to the main operating system could exploit this vulnerability to compromise the CPU core responsible for CAN message processing, potentially leading to unauthorized control or manipulation of vehicle communication and functions.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70