CVE-2025-32058
Bosch · Infotainment ECU (Nissan Leaf ZE1)
A vulnerability in the Bosch Infotainment ECU's custom protocol allows an attacker with SoC code execution to execute code on the RH850 module and send arbitrary CAN messages.
Executive summary
A critical vulnerability in Bosch Infotainment ECUs allows attackers who have compromised the main system-on-chip to execute code on the communication module and manipulate vehicle CAN bus traffic.
Vulnerability
A flaw in processing custom protocol requests over the INC interface allows an attacker who already has code execution on the infotainment SoC to pivot to the RH850 module. This enables the attacker to send arbitrary CAN messages over the connected vehicle bus.
Business impact
With a CVSS score of 9.3, this vulnerability poses a severe safety risk. The ability to send arbitrary CAN messages can interfere with critical vehicle functions, potentially leading to physical safety hazards, loss of vehicle control, and significant liability for the manufacturer. This represents a major compromise of the vehicle's internal communication integrity.
Remediation
Immediate Action: Apply the specific security patches provided by Bosch and the vehicle manufacturer (Nissan) to address the custom protocol vulnerability on the V850 side.
Proactive Monitoring: Manufacturers should monitor for unusual CAN bus traffic patterns during vehicle diagnostics and review infotainment system logs for unauthorized module communication attempts.
Compensating Controls: Implement hardware-level security features such as CAN message authentication and gateway filtering to restrict the ability of the infotainment system to broadcast critical control messages.
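The gateway filtering named under Compensating Controls can be sketched as a default-deny forwarding check; this is an added example, not Bosch or Nissan code, and it must run on a gateway ECU outside the infotainment unit, since the RH850 is the component the attacker controls. The CAN IDs, limits and the names gw_rule, can_frame_t, gw_forward and gw_dropped are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed allowlist: these CAN IDs are hypothetical placeholders,
   not identifiers from any real vehicle. */
typedef struct {
    uint32_t id;          /* 11-bit CAN identifier */
    uint8_t  max_dlc;     /* largest payload length accepted */
    uint32_t min_gap_ms;  /* minimum spacing between forwarded frames */
    uint32_t last_ms;     /* time the last frame was forwarded */
    uint8_t  seen;        /* 0 until the first frame is forwarded */
} gw_rule;

typedef struct { uint32_t id; uint8_t dlc; uint8_t data[8]; } can_frame_t;

static gw_rule rules[] = {
    { 0x5A0, 8, 100, 0, 0 },  /* assumed: media status for the cluster */
    { 0x5A1, 2, 500, 0, 0 },  /* assumed: clock sync */
};

static uint32_t dropped;  /* counter a monitoring task can export */

/* Returns 1 if a frame received from the infotainment segment may be
   forwarded to the vehicle bus, 0 if it must be dropped (default deny). */
int gw_forward(const can_frame_t *f, uint32_t now_ms)
{
    if (f == NULL || f->id > 0x7FF || f->dlc > 8) { dropped++; return 0; }
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        gw_rule *r = &rules[i];
        if (r->id != f->id) continue;
        if (f->dlc > r->max_dlc) break;          /* oversized payload */
        if (r->seen && now_ms - r->last_ms < r->min_gap_ms)
            break;                               /* faster than allowed */
        r->last_ms = now_ms;
        r->seen = 1;
        return 1;
    }
    dropped++;  /* unknown ID or rule violation */
    return 0;
}

uint32_t gw_dropped(void) { return dropped; }
```

A rising gw_dropped() count is also a signal for the monitoring described above, because a healthy infotainment unit should never emit frames outside its allowlist.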
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability highlights the critical need for isolation between infotainment systems and vehicle control networks. Given the potential safety implications, it is imperative that affected vehicle owners receive and apply the necessary firmware updates immediately. Manufacturers must prioritize the deployment of these patches to prevent potential kinetic impact.