Volkswagen MIB3 Infotainment Lack of Memory Isolation Vulnerability

Vulnerability

A vulnerability exists in the Volkswagen MIB3 infotainment system, specifically in units manufactured by Preh Car Connect GmbH, including the Skoda Superb III model. The issue arises from the absence of memory isolation between CPU cores, allowing an attacker with access to the main operating system to interfere with the CPU core that processes CAN messages. This vulnerability could lead to unauthorized manipulation of vehicle functions via the CAN bus.

Impact

Exploitation of this vulnerability could result in unauthorized access to the CARCOM CPU core, which manages CAN bus communications. This would allow an attacker to read and write CAN messages, potentially interfering with vehicle functions, although safety-critical CAN channels are typically protected by filters.

Added: Jun 28, 2025, 5:02 PM

Updated: Jun 28, 2025, 5:02 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

0.0

relevance

0.2

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

0.0

relevance

0.2

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Volkswagen MIB3 Infotainment Lack of Memory Isolation Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating