Integer Underflow in MIB3 Infotainment Unit by Volkswagen
CVE-2023-28902

3.3 LOW

What is CVE-2023-28902?

An integer underflow in the image processing binary of the MIB3 infotainment unit may enable local attackers to disrupt functionality, resulting in a denial-of-service scenario for the infotainment system. Initially identified in the Skoda Superb III with part number 3V0035820, this vulnerability may affect other OEM part numbers within the MIB3 infotainment series, presenting potential risks to vehicle owners and manufacturers. Proper security measures should be implemented to mitigate this risk.

Affected Version(s)

Volkswagen MIB3 infotainment system MIB3 OI MQB 0 <= 0304

CVSS V3.1

Score: 3.3
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Artem Ivachev from PCA Cyber Security (PCAutomotive).