God Mode On: how we attacked a vehicle’s head unit modem

This report demonstrates a practical remote compromise of a Unisoc UIS7862A modem in a vehicle head unit: researchers found a stack-buffer overflow in the 3G RLC handler (CVE-2024-39432) enabling remote code execution on the modem, used ROP and MPU manipulation to gain persistence, and leveraged a hidden peripheral DMA for lateral movement to the application processor—ultimately allowing full SoC compromise and execution on the head unit.