Openpilot
Insecure deserialization in Comma AI Openpilot 0.11 allows a local authenticated attacker to achieve code execution by supplying a malicious pickle payload to the pickle.load/pickle.loads calls in selfdrive/modeld/modeld.py. The flaw requires local access with low privileges, and no public exploit had been identified at the time of analysis, but the vendor reportedly did not respond to coordinated disclosure, leaving the issue unpatched. CVSS 4.0 scores it 7.1 (High), with full confidentiality, integrity, and availability impact on the vulnerable system.
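The root cause is that `pickle.load`/`pickle.loads` will import and call any name the stream asks for. The added example below is not Openpilot code; it assumes, hypothetically, that the loader only needs plain data (dicts, lists, strings, numbers) and shows the standard mitigation: a restricted unpickler whose `find_class` refuses every global lookup, so a stream can no longer reach importable code. The sample metadata and the `safe_load`/`safe_loads` helper names are constructed for this example.

```python
import collections
import io
import pickle

# Constructed sample: the kind of plain metadata a model loader might persist.
SAMPLE_METADATA = {"model": "supercombo", "input_shape": [1, 12, 128, 256], "version": 11}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global/class lookup.

    A pickle stream rebuilds objects by name through find_class(); forbidding
    that step limits the stream to builtin containers and scalars, so loading
    it can no longer import or call arbitrary code.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing to load global {module}.{name}: not a plain-data pickle"
        )


def safe_loads(data: bytes):
    """Drop-in replacement for pickle.loads when only plain data is expected."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_load(fileobj):
    """Drop-in replacement for pickle.load when only plain data is expected."""
    return RestrictedUnpickler(fileobj).load()


def is_plain_data_pickle(data: bytes) -> bool:
    """True if the stream loads without needing any global lookup."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return False
    return True


def plain_sample() -> bytes:
    """Constructed plain-data stream: accepted by the restricted loader."""
    return pickle.dumps(SAMPLE_METADATA)


def class_reference_sample() -> bytes:
    """Constructed stream that references a class (a harmless OrderedDict);
    any such global reference is rejected before an object is built."""
    return pickle.dumps(collections.OrderedDict())


if __name__ == "__main__":
    print("plain metadata accepted:", is_plain_data_pickle(plain_sample()))
    print("class reference rejected:", not is_plain_data_pickle(class_reference_sample()))
```

If the loader legitimately needs non-builtin types (for example array objects), extend `find_class` with an explicit allowlist of module/name pairs rather than removing the check; anything outside the allowlist should still raise.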