Comma AI · Openpilot · CVE-2026-12191
**Name of the Vulnerable Software and Affected Versions**
Comma AI Openpilot version 0.11
**Description**
An issue exists in the use of Python's `pickle` module within the file `selfdrive/modeld/modeld.py`, where the calls to `pickle.load()` and `pickle.loads()` can be manipulated. This leads to insecure deserialization (deserialization is the process of converting a byte stream back into an object), which can be exploited by an attacker with local access.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
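As a general hardening pattern for code that must keep reading pickle files, the loader can refuse every global that is not explicitly allowlisted. The following is an added example, not code from Openpilot or from this advisory; `ALLOWED_GLOBALS`, `safe_load`, `safe_loads`, `is_rejected` and both sample byte strings are hypothetical names and constructed data.

```python
import io
import pickle

# Hypothetical allowlist: the only globals a data-only file may reference.
# dict, list, tuple, str, int, float and bytes need no entry because pickle
# encodes them with dedicated opcodes instead of a global lookup.
ALLOWED_GLOBALS = {("builtins", "slice")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that rejects any global outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        # Called for every GLOBAL / STACK_GLOBAL opcode in the stream.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(fileobj):
    """Replacement for pickle.load() on files that should hold only data."""
    return AllowlistUnpickler(fileobj).load()


def safe_loads(data):
    """Replacement for pickle.loads() on bytes that should hold only data."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def is_rejected(data):
    """Return True when the stream references a non-allowlisted global."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample: a data-only structure (nested dicts, a tuple, a slice).
SAMPLE_DATA = pickle.dumps({"shapes": {"img": (1, 12, 128, 256)},
                            "slices": {"plan": slice(0, 4955)}})

# Constructed sample: a harmless reference to a global outside the allowlist.
SAMPLE_FOREIGN_GLOBAL = pickle.dumps(print)

if __name__ == "__main__":
    print(safe_loads(SAMPLE_DATA))
    print("foreign global rejected:", is_rejected(SAMPLE_FOREIGN_GLOBAL))
```

The allowlist only limits which objects a stream can name; it does not bound memory or CPU use during loading. Where the stored content is plain data, a format with no object construction (for example JSON) and strict file permissions on the pickle path remove the deserialization surface entirely.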