Polina Smirnova

Name of the Vulnerable Software and Affected Versions: MIB3 infotainment unit (affected versions not specified) Description: A logic flaw in the bootloader component of the MIB3 infotainment unit leads to a RAM buffer overflow, allowing an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX8500 (affected versions not specified) **Description** The issue concerns an improper isolation authentication bypass vulnerability in the Bluetooth functionality. It was discovered by Mikhail Evdokimov from PCAutomotive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX8500 (affected versions not specified) **Description** The issue is related to an integer overflow in the Bluetooth SDP protocol, which can lead to remote code execution. This was demonstrated at Pwn2Own. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX8500 (affected versions not specified) **Description** The issue is related to a heap-based buffer overflow in the Bluetooth AVCTP protocol, which can lead to remote code execution. This was demonstrated at Pwn2Own. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nissan Leaf versions manufactured in 2020 **Description** The anti-theft protection mechanism can be bypassed due to weak response generation algorithms for the head unit. Attackers can reveal all 32 corresponding responses by sniffing CAN traffic or pre-calculating the values, allowing them to bypass the protection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ConnMan versions through 1.41 **Description** The issue is related to a buffer overflow in the client.c component of ConnMan's gdhcp, which can be exploited by network-adjacent attackers operating a crafted DHCP server. This can cause a stack-based buffer overflow, leading to a denial of service and terminating the connman process. **Recommendations** For versions through 1.41, consider disabling the `client.c` component in gdhcp until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.