CVE-2017-9633

Name of the Vulnerable Software and Affected Versions Infineon S-Gold 2 (PMB 8876) chipset versions used in various vehicle models produced between 2009-2016

Description An issue with improper restriction of operations within the bounds of a memory buffer was found. This issue may allow an attacker to access and control memory, potentially enabling remote code execution on the baseband radio processor of the Telematics Control Unit (TCU). The vulnerability is related to the temporary mobile subscriber identity (TMSI).

Recommendations For the Infineon S-Gold 2 (PMB 8876) chipset used in the affected vehicle models, consider restricting access to the vulnerable TMSI component until a patch or fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.