Memory Isolation Flaw in MIB3 Infotainment System by Volkswagen
CVE-2023-28907

6.7MEDIUM

Key Information:

Vendor: Preh Car Connect Gmbh (joynext Gmbh)
Status: Volkswagen Mib3 Infotainment System Mib3 Oi MQb
Vendor: CVE Published:; 28 June 2025

🔔 Create Preh Car Connect Gmbh (joynext Gmbh) Vulnerability Alert

What is CVE-2023-28907?

A vulnerability in the MIB3 infotainment system utilized in certain Volkswagen and Skoda vehicles allows for a lack of memory isolation between CPU cores. This issue permits an attacker with access to the main operating system to potentially compromise the dedicated CPU core that processes Controller Area Network (CAN) messages, which are crucial for vehicle communication and control. The exploitation of this vulnerability could lead to unauthorized access and manipulation of vehicle functions, raising significant security concerns.

Affected Version(s)

Volkswagen MIB3 infotainment system MIB3 OI MQB 0 <= 0304

References

https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishc...

https://pcacybersecurity.com/resources/advisory/vulnerabi...

technical-description

https://asrg.io/security-advisories/vulnerabilities-in-vo...

third-party-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2025
Vulnerability Reserved
Mar 27, 2023

Credit

Artem Ivachev from PCA Cyber Security (PCAutomotive)