Race Condition Firewall Bypass in Tesla Model S Iris Modem
CVE-2024-6029

5MEDIUM

Key Information:

Vendor: Tesla
Status: Model S
Vendor: CVE Published:; 30 April 2025

What is CVE-2024-6029?

A race condition in the firewall service of the Tesla Model S Iris modem allows network-adjacent attackers to bypass critical firewall protections without requiring authentication. The vulnerability stems from a failure to correctly manage the xtables lock, which can be exploited to evade security rules and gain unauthorized network access. This poses significant security risks for users of affected vehicles, as it could potentially allow malicious actors to exploit other vulnerabilities within connected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Model S 2023.44.29 with the AG525RGLAAR01A16M4G_OCPU_02.003.10.003 connectivity card

References

https://www.zerodayinitiative.com/advisories/ZDI-25-260/

x_research-advisory

CVSS V3.0

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2025
Vulnerability Reserved
Jun 14, 2024

JSON

Tesla