Automotive software defects

Here's a list of potentially deadly automotive software defects, mostly from NHTSA Recall notices.


There is still a lot of resistance to the idea that car software can have fatal defects that result in deaths not due to driver error. In fact such defects do exist, and for many of them we've just gotten lucky that few or no people have died as a result. Recently we've been seeing more deadly software defects being reported. This posting is intended to give a taste of what's been going on in automotive software quality. This is a very partial list of bad software that was deployed on production vehicles in the US.

This list includes a variety of subsystems including unintended acceleration, steering failures, brake assist failures, headlights going out while driving, and quite a lot of air bag failures. There are software defects, configuration management errors, leaving the module in "factory mode" when shipped, communication networks causing overloads, and even EEPROM wearout. Overall this paints a picture of an industry that is shipping a lot of safety critical software defects.  In fairness, yes, these are all ones that are being fixed, and there are certainly other causes of fatal accidents. (Presumably there are others not yet being fixed, if for no other reason than that the cars are still new on the road. But at least some of these recalls sure look like mistakes that simply should not be happening in life critical software.)

An interesting observation has to do with the disproportionately large representation of software-related defects for air bags, especially in earlier years, despite the relative simplicity of air bag deployment software compared to something like an engine control module. It could simply be that engineers who write air bag software are more prone to making mistakes than other engineers, although there is no reason this ought to be the case. However, an alternate possible explanation is that it is much more difficult to blame airbag malfunction on driver error than it is to blame drivers for potential software defects that affect other vehicle functions.

The list is almost certainly much, much longer, and I simply ran out of time trying to go through the full NHTSA database. I also skipped some issues that were repetitive or less interesting.  And even that doesn't include everything that happens. There is no reason whatsoever to believe things have gotten dramatically better since the last time I had a chance to update this list.

Remember that a NHTSA recall is by definition a safety defect that matters. That's the whole point of having a recall.

The purpose of this list is not to call out any particular company or software defect. Rather, the point is that safety critical software defects are both pervasive and persistent across the automotive industry.  Yes, we can have discussions about how many vehicles vs. how many defects. But it still does not instill confidence about life critical software in a self-certifying industry that in the US is not required to follow international software safety standards.

Updated April 2021: (incomplete additional info I happened to notice after that date; occasional updates discontinued in Fall 2023 due to lack of time -- the point having been made that there are lots of automotive software recalls that are relevant to safety)
  • GM / Nov. 2024
    • "Incorrect software in the transmission control module (TCM) may result in harsh shifting, reduced power, unintended deceleration, rear wheel lockup, or cause the vehicle to move in an unintended direction."
    • "The transmission control module software in these vehicles is incorrectly calibrated to respond to certain electrical failures within the transmission. If these electrical failures are present when the transmission is performing certain shift operations, these miscalibrations can cause harsh shifting or reduced power or may result in unintended deceleration or rear wheel lockup. In rare circumstances at low speeds, the vehicle may move in an unintended direction"
    • "24 complaints potentially related to this condition, including five complaints of sudden unwanted deceleration and one complaint of the vehicle moving in an unintended direction from a stop. The other 18 complaints reported harsh shifting."
    • NHTSA recall 24V839
  • Ford / July 2024
    • The steering wheel may begin oscillating without warning (alternating clockwise / counterclockwise) when the driver attempts to steer. The oscillation results from the electronic power steering gear providing unintended steering assist.
    • Due to inverted polarity in supplier calibration machinery.
    • NHTSA recall 24V493
  • Ford / Jun 2024
    • Ford recalls over 550,000 pickup trucks because transmissions can suddenly downshift to 1st gear   AP Story 
  • Toyota / Feb 2024
    • Software defect in transmission causes vehicles to move at 3 mph when in neutral due to lack of "immediate" separation of brake clutch discs from plates.
    • NHTSA recall 24V125
  • Hyundai / Aug 2023
    • "The motor control unit (“MCU”) software may detect a transmission / drive motor synchronization fault while driving triggering a “fail-safe” condition that temporarily results in slow, unintended acceleration after release of the brake pedal" caused by "Inadvertent fault detection by the HPCU software logic."
    • "As an added level of protection, all affected vehicles are equipped with brake override systems as a standard feature."
    • NHTSA recall 23V589
  • Ford / July 2023
  • Nissan / July 2023
    • "Nissan is recalling 2018-2023 Leaf electric cars to address a potential issue that could cause vehicles to accelerate unintentionally after using cruise control."
    • "Faulty programming logic in the vehicle control modules of affected vehicles could cause an application of torque if the driver applies and releases the accelerator pedal within eight seconds of deactivating cruise control..."
    • "Nissan and the NHTSA appear to be saying that vehicles will keep accelerating until the brake pedal is applied, not that cruise control will remain active or reactivate—although the documents don’t clarify whether this would be light acceleration or much more."
    • Press coverage: https://www.msn.com/en-us/autos/autos-hybrids/2018-2023-nissan-leaf-ev-recalled-for-cruise-control-acceleration-flaw/ar-AA1erMJ7
    • NHTSA recall 23V-494
  • Audi / Apr 2023
    • "Due to an incompatibility between the activation software and the heating film used for the front camera on the windshield, the heating film may overheat." ... "This could lead to smoldering or even a vehicle fire."
    • "Incompatibility between the activation software and the heating film used for the front camera on the windshield."
    • Initially discovered in late 2019, they thought they reflashed all the affected vehicles that had an incorrect software version installed in the factory. But in Feb. 2023 a vehicle in the US had an issue. They discovered 19 vehicles had slipped through the update process, so had to issue a recall for those.
    • NHTSA recall 23V-212
  • Ford / Jan 2023
    • Third round of fixes for an intermittent failure of a backup camera feed. 17 backing-up crashes so far (no injuries reported).
    • An initial recall was supposed to fix the issue (round 1). But still lots of reports. This was then blamed on failure to install the remedy correctly due to a service tool defect (round 2). But then the problem reappeared even on cars that had the remedy. So now we're on round 3, which apparently involves an automatic reboot of the camera feed if an imaging failure is detected. (It seems the defect remains, so this is a workaround that does not require the driver to cycle the ignition to clear the issue.)
    • NHTSA recall 22V-022 / chronology
  • BMW / Dec 2022
    • "Approximately 5,389 vehicles were manufactured with a high voltage battery electronic control unit containing software that may, during certain vehicle operating conditions, result in an interruption of electrical power"
    • "The high voltage battery electronic control unit software may, during certain vehicle operating conditions, cause an interruption of electrical power. Specifically, a misdiagnosis can sporadically occur within the battery management electronics, which could cause the electronic control unit to reset. If a reset occurs, this could cause an interruption of electrical power."
    • NHTSA recall 22V-944
  • Ford / Nov 2022
    • "Loss of the ability to control the defrost or defog function may decrease the driver’s visibility under certain driving conditions, increasing the risk of a crash."
    • the interrupt handling process within the base software can sporadically suspend the remote climate control module communication on these vehicles
    • Loss of the ability to control the defrost or defog function may decrease the driver’s visibility under certain driving conditions, increasing the risk of a crash.
    • NHTSA recall 22V-791
  • VW/Audi / Nov. 2022
    • "may take too long to detect a loss of tire pressure if all four tires lose pressure at the same time and at the same rate" VW claims detection will occur, but not as fast as required by FMVSS 138. VW petitioned to have the recall waived but that was denied by NHTSA.
    • "The brake control unit hardware was changed, but the related module software was not adapted to the change." 
    • NHTSA recall 22V-815
  • Volvo / Oct. 2022
    • Volvo hybrids have a software logic error that can lead to loss of propulsion.
    • "The estimated cooling flow on the electrical drive (ED) cooling circuit is set to zero due to faulty software logic when max cooling is requested. When the estimated cooling flow is set to zero, the Inverter Generator Module will set available torque to zero and the combustion engine will not start." "Customers may experience loss of propulsion, increasing the risk of a crash"
    • NHTSA recall 22V-793
  • Paccar / Oct. 2022
    • The display may freeze, resulting in an inability for information to be updated, Loss of current indicators and warnings, such as the speedometer and telltales, may increase the risk of a crash
    • The software did not properly handle errata
    • NHTSA recall 22V-779
  • Mitsubishi / August 2022
  • Chrysler / June 2022
    • Jeep Grand Cherokee and Dodge Durango (2018-2019) defective hydraulic control and ABS modules that incorrectly read brake pressure. Brake lights turn on without foot on brake; permits shifting out of park without foot on brake. No diagnostic trouble code.
    • Potential unintended acceleration due to failure of brake/park interlock.
    •  150 customer complaints; 216 warranty claims; 29 field reports dating back to 2019 -- investigation not opened until Oct 2021.  Recall in June 2022. Still no diagnosis of root cause; no remedy. 
    • NHTSA recall 22V-426
  • Ford / June 2022
  • Ford / May 2022
    • The Powertrain Control Module (PCM) may broadcast an unintended faulted signal which when received by modules controlling the reverse camera, reverse light, and driver assist features, may disable these functions
    • PCM detects vehicle conditions such as clutch slip, extended reverse driving, and gear position measurement inaccuracy as a fault. The PCM fault signal disables reverse camera, reverse lamps, and driver assistance features.
    • Originally identified as a problem in July 2020, but Ford Critical Concern review Group decided to close the investigation "based upon low occurrence and to monitor field data for any increase in occurrence"  Investigation re-opened in April 2022.
    • NHTSA recall 22V-382
  • Ford / May 2022
    • Incorrect version of functional safety software always reads torque as zero, rendering safety checks for unintended acceleration useless. Risk of unintended acceleration, unintended deceleration and/or incorrectly detecting a lateral hazard on the primary axle.
    • NHTSA recall 22V-333
  • Rivian / May 2022
    • Incorrect calibration data in the front passenger seat air bag controller does not deactivate with child seat or child occupant as required due to incorrect weight threshold setting.
    • NHTSA recall 22V-319
  • Tesla / May 2022
    • Infotainment CPU overheads during rapid charging or preparing to rapid charge, causing lag in display or reset. The display includes vehicle control information and backup camera.
    • Firmware fix being deployed, presumably to better control cooling system.
    • NHTSA recall 22V-296
  • BMW / Apr 2022
    • Software defect permits closing sunroof when key fob is not inside the cab, potentially permitting someone to be trapped inside the vehicle without the fob to enable door unlock or other means of egress. 
    • NHTSA recall 22V-267
  • Toyota / Apr 2022
    • "The Skid Control ECU software may not turn on the Vehicle Stability Control (VSC) system when the vehicle is restarted after the driver has disabled the VSC system"
    • "A review of the software logic found that “Brake Pedal OFF” had been added to the list of parameters required for the VSC to return to the default “ON” setting after the VSC had been manually deactivated.  In the vehicle under development, it was found that by introducing the Brake Pedal OFF parameter, depressing the brake pedal through the end of one ignition cycle and into the start of the next ignition cycle caused the VSC not to return to the default setting at the subsequent ignition cycle if the driver had manually turned off the VSC using the in-vehicle control."  (see information report)
    • NHTSA recall 22V-239
  • Mercedes-Benz / Apr 2022
    • In reverse the central display does not switch to camera view or displays a black screen with inoperability message. No freezing of camera image. No advance warning message.
    • Blamed on "deviation in the development process of the supplier."
    • NHTSA recall 22V-232
  • Ford trucks / Mar 2022
    • "A software error within the trailer brake controller can result in failure to provide the trailer brake output signal when the towing vehicle’s brakes are applied."   
    • "Supplier diagnostics identified a potential vulnerability between two instructions within the software where the processing does not complete as intended, resulting in the TBC brake output signal not being properly sent to the trailer while driving." 
    • "subject issue could not be systematically reproduced" in original software version but was also observed in several vehicles with original software and also a "more robust software version" that had been developed in response to issues observed in 2018.  See the chronology document.
    • NHTSA recall 22V-193  and more description
  • Mercedes-Benz / Mar 2022
    • Under-voltage detection disables the manually activated SOS emergency call button.
    • All affected vehicles updated to new software version before delivery to customers.
    • NHTSA recall 22V-190
  • Mercedes-Benz / Mar 2022
    • Hands-off-wheel driver monitor can be fooled by leather cover. (Might be a calibration issue rather than software logic defect, but fix is a software update.)
    • NHTSA recall 22V-189
  • Ford trucks / Mar 2022
    • " The Transmission Fluid Pressure Low Diagnostic Trouble Code (DTC) may falsely activate and cause the transmission to shift into a neutral state. This can occur at any speed.  If a false activation occurs, the vehicle will coast to a stop as if it is in Neutral, and the electronic shifter will attempt to engage Park below speeds of 2 mph/3 kph. Once the vehicle comes to a complete stop, the electronic shifter will automatically shift into Park."
    • "A loss of motive power while driving can increase the risk of a crash." ... "Transmission function can be restored upon a key-off/key-on cycle."
    • NHTSA recall 22V-188
  • Mercedes-Benz / Mar 2022
    • "incorrect initialization of the rear signal acquisition and actuation module might occur at start of the vehicle, which may restrict intended functions of the control unit. This condition might affect the function of the rear turn signal, rear hazard warning lamps, as well as the reversing lamp, which could increase the risk of a crash."
    • "Before the issue occurs, the driver will not receive a warning due to the nature of the failure mechanism. When the issue occurs, the driver may be made aware of the issue by several warning messages in the instrument cluster."
    • "Tests were performed, which confirmed the software as a root cause for this issue."
      "Due to a deviation in the development process at a supplier, the rear signal acquisition and actuation module software might not meet current production specifications."
    • NHTSA recall 22V-167
  • Tesla / Mar 2022
    • Tesla firmware crashes result in recall. Software error causes computer reset; delays rearview camera image beyond 2 seconds, violating FMVSS 111. 
    • Precedent set here: recall even though not reproduced in investigative testing.
    • NHTSA recall 22V-169
  • General Motors Hummer / Mar 2022
    • "embedded software in the taillamps can cause one or both rear taillamps to (a) become inoperative or (b) remain fully or partially illuminated.   If the taillamp is inoperative, all taillamp functions (brake light, turn signal, backup lamp, side marker, clearance lamp, and tail light) will be disabled."
    • "A taillamp that fails to illuminate or illuminates incorrectly may reduce the visibility of the vehicle or communicate incorrect information to other road users, increasing the risk of a crash."
    • NHTSA recall 22V-141
  • Tesla / Jan 2022
    • "A software functionality referred to as “rolling stop” allows the vehicle to travel through all-way-stop intersections at up to 5.6 mph before coming to a complete stop, if certain conditions are first met."
    • All Tesla FSD beta vehicles affected (53,882 vehicles)
    • NHTSA Recall 22V-037
  • Daimler Sprinter vans / Jan 2022
    • "The defect is a rare and temporary park lock system error that could increase the risk of a vehicle rollaway"
    • Attributed to driver not following procedure and/or Park Lock Support Software. Reproduced but no root cause identified as of Jan 10, 2022
    • NHTSA Recall 21V-972
  • Jeep Headlights / Dec 2021
    • "Some 2021 MY Jeep Grand Cherokee L vehicles equipped with a smart lighting module ("SLM") may have received an incomplete software update which could result in one or both headlamps being inoperable."
    • "The suspect period began on December 3, 2020, when the first vehicle was built with a SLM that may have received an incomplete software update, and ended on July 27, 2021, when vehicles were built with correct SLM software. T"
    • NHTSA Recall 21V-950
  • Hyundai Unintended Acceleration / Dec 2021
    • Ioniq Electric, Power Electric Module
    • "a slow, unintended acceleration event can occur following full accelerator pedal release, if, a specific set of sequences are met"
    • Cause: "Electrical noise is generated due to deterioration of the electrical ground which can create a communication error within the vehicle’s Controller Area Network (“CAN”) bus."
    • NHTSA Recall 21V-944
  • Jeep Airbags / Nov 2021
  • Tesla phantom braking (Tesla) / Oct 2021
    • "A software communication error may, under a certain sequence of events, result in false forward-collision warnings (FCW) and/or automatic emergency brake (AEB) events."
    • "when the vehicle is waking up from “Sentry Mode” or “Summon Standby Mode,” a mode where one of the chips is in a low-power ‘sleep’ state. This communication disconnect can result in the video neural networks that operate on that chip to run less consistently than expected. The inconsistency can produce negative object velocity detections when other vehicles are present, which in turn can lead to false FCW and AEB events"
    • NHTSA Recall 21V-846
  • Sudden Power Loss (Porsche Taycan) / July 2021
  • ECM incorrectly reduces engine power (Infiniti) / Apr 2021
    • "After detecting rapid acceleration, the Engine Control Module (ECM) may incorrectly reduce engine power and reduce fuel supply to the engine."
    • NHTSA Recall 21V-234
  • ESC does not stay in lane (Mack Trucks) / April 2021
    • "The vehicles may not stay in their lane at certain speeds." (FMVS 136 violation)
    • "A vehicle that drifts out of its lane increases the risk of a crash."
    • "dealers will reprogram the vehicle control unit"
    • NHTSA Recall 21V-233
  • Backup camera failure (Ford Lincoln) / March 2021
    • "The image processing module may be unable to provide video feed to the display, which could result in a loss of the backup camera image."
    • " start-up anomaly between the serializer component in the image processing module and the deserializer in the accessory protocol interface module"
    • "dealers will update the image processing module software with the latest level"
    • NHTSA Recall 21V-223
  • ABS and DSC disabled due to diagnostic check issue (Jaguar) / March 2021
    • "The diagnostic check for the Anti-Lock Brake System (ABS) that runs at vehicle startup may not complete in the time required, which could disable the ABS and the Dynamic Stability Control (DSC) system during that drive cycle."
    • "on occasion, the CCF read cycles by the ABS module were not being completed in the time expected, with the diagnostic checks taking up to 25 seconds. After 15 seconds, the ABS stops transmitting and this terminates the ABS and DSC systems and a Malfunction Indicator Lamp illuminates on the instrument cluster to warn the driver the systems are not available."
    • "dealers will update the vehicle software"
    • NHTSA Recall 21V-167
  • Loss of high voltage system (Volvo) / Feb 2021
    • For recharge vehicles: "The Battery Energy Control Module (BECM) microprocessor may reset and cause the high voltage system to disconnect."
    • "A disconnected high voltage system can cause a loss of drive power, increasing the risk of a crash."
    • NHTSA Recall 21V-109    (See also 21V-110 for Polestar equivalent)
  • ESC causes vehicle pull (Mercedes) / Feb 2021
    • "During certain evasive driving maneuvers, the Electronic Stability Program (ESP) software may apply torque to one of the front wheels, pulling the vehicle to one side."
    • "If the vehicle unexpectedly pulls to one side during an evasive maneuver, it can increase the risk of a crash."
    • "Due to a deviation in the supplier development process, the ESP software might not meet current production specifications.
    • "The customer will not receive an advance warning due to the nature of the failure mechanism."
    • NTSA Recall 21V-071
  • "Tesla asked to recall 158,000 cars for failing displays" / Jan 2021
    • "The failures of the so-called “media control units” in these vehicles can sever the owner’s access to their vehicle’s backup camera, climate controls, and Tesla’s Autopilot driver assistance system, increasing the risk of a crash, the safety agency says"
    • "The problem at the heart of the defect that NHTSA wants Tesla to fix involves worn-out flash memory chips used in the displays"
    • "Tesla confirmed to NHTSA that all units with this chip “will inevitably fail,” according to the agency, and also provided a statistical model showing projected weekly repairs lasting from 2020 to 2028, with the most failures happening in 2022."
    • https://www.theverge.com/2021/1/13/22229854/tesla-recall-model-s-x-touchscreens-bricked-failure-nhtsa
  • Rearview image blanking / failed OTA update (Subaru) / Dec 2020
    • "The August 2020 over-the-air software update may have timed out without completing the installation, corrupting the data, and causing the rearview display to shutoff intermittently." 
    • "a FOTA update was made available for certain vehicles. If the software download was initiated and if there was a delay in the data writing speed of the flash memory, the installation process could timeout. A timeout failure during the data writing sequence could cause the data to be corrupted, and if corrupted, may result in the CID going blank. In this blank condition, the backup camera and display will continue to function with the shift selector in Reverse, however, the CCM may continuously reboot approximately every three (3) minutes. If a reboot occurs while the vehicle is reversing, the rearview display may disappear during the reboot process, which takes approximately six (6) seconds to complete"
    • NHTSA Recall 20V-766
  • Body Control Communication Error (Honda) / Dec 2020
    • "A software error may cause intermittent or continuous disruptions in communication between the Body Control Module (BCM) and other components.  This may result in malfunctions of various systems such as the windshield wipers and defroster, rearview camera, exterior lights, audible warning of a stopped vehicle, and power window operation."
    • NHTSA Recall 20V-771
  • Alternating MPH and KM/H display (Jaguar) / Dec 2020
    • "due to an error in a service software update, the Instrument Cluster (IC) randomly displays alternating speedometer and odometer units between MPH and KM/H while the vehicle is in motion without the driver making any selection of display units"
    • The changing displays may cause driver distraction or confusion and possibly result in excessive speed, which can increase the risk of a crash.
    • NHTSA Recall 20V-751
  • Reduced braking performance (Hyundai) / Dec 2020
    • "The Integrated Electronic Brake (IEB) system may detect an abnormal sensor signal and as a result, may significantly reduce braking performance."
    • "HMC identified a condition within the IEB motor control software that, in absence of proper “fail-safe” logic, would disable the IEB motor upon detection of an abnormal sensor signal thus reducing foundational brake performance."
    • NHTSA Recall 20V-748
  • Blank backup camera (VW Jetta) / Nov 2020
    • "The rear view camera could malfunction during an ignition cycle, leading to a black screen or infotainment system freeze. "
    • "A black or frozen rear view image reduces the driver's visibility when reversing, increasing the risk of a crash."
    • "The condition for the error is a specified course of action with fixed time segments and a small time window. When the vehicle is "woken up" (door open), the MIB is also woken up and goes into standby. If the vehicle is then not started the MIB goes back to sleep mode after a waiting time of 30 seconds. This is necessary to minimize the energy consumption in the vehicle. During this state the video line cannot be diagnosed and any activation requests from the camera system are lost or are no longer taken into account."
    • NHTSA Recall 20V-716
  • Trailer brake lights (Tesla) / Oct 2020
    • "A software error in certain Model Y vehicles may prevent illumination of trailer brake lights upon actuation of the service brake."
    • "On August 10, 2020, Tesla introduced a new global rear lamp variant into production for Model Y. The new rear lamp variant introduced a new channel into the vehicle control module, which the software did not properly map to the integrated trailer control module"
    • NHTSA Recall 20V-609
  • Incorrect TPMS setpoint (Land Rover) / Sep 2020
    • "The Tire Pressure Monitoring System (TPMS) recommended pressure has been set incorrectly in the instrument cluster.  As a result, the TPMS warning light will not illuminate when tire pressure reaches 25% below the cold inflation pressure stated on the tire placard"
    • Drivers may unknowingly operate the vehicle with low tire pressure, possibly causing tire tread separation, thereby increasing the risk of a crash.
    • NHTSA Recall 20V-585
  • Improper Air Bag Deployment (Jaguar) / Sep 2020
    • The Restraint Control Module (RCM) software may cause the frontal air bags to deploy improperly in the event of a frontal impact crash. 
    • "A concern has been identified with certain Jaguar XJ 2010 to 2011MY vehicles and one 2017MY vehicles where, when connected to Jaguar Land Rover’s Symptom Driven Diagnostics (SDD) device and an update to the Restraint Control Module (RCM) is unsuccessfully undertaken, the calibration may default to a pre-set condition." 
    • "In the event of a frontal impact of a sufficient severity to require the Supplementary Restraint System (SRS) to deploy the front airbags, the airbags will deploy but at impact thresholds that exceed those which provide the required occupant protection."
    • "Failure of the airbags to deploy as required can lead to increased injuries to the occupants."
    • NHTSA Recall 20V-557
  • Rearview Camera Configuration Error (BMW) / July 2020
    • "Vehicles were not programmed with rearview camera software for the US market at the assembly plant; therefore, these vehicles do not conform to FMVSS 111 because, when the transmission is shifted to Reverse, an image is not displayed."
    • "An inoperative rearview camera display can increase the risk of a crash when reversing."
    • NHTSA Recall 20V-443
  • Missing Instrument Panel Information (Honda) / July 2020
    • "Incorrect instrument panel control module software can cause the instrument panel to not display critical information, such as engine oil pressure, speedometer, and gear selector position until the next ignition cycle.  Additionally, it can prevent the rearview camera image from displaying."
    • "Operating a vehicle without a functioning instrument panel or rearview camera display increases the risk of a crash."
    • "Many in-cabin system interfaces are linked to a central network, including the instrument panel, display audio, and rearview camera display. Due to inappropriate software programming, increased data traffic on the central network may exceed the computing threshold of the instrument panel control module. Once exceeded, the instrument panel cannot display certain information required by FMVSS 101; Controls and Displays, such as the engine oil pressure, speedometer, and gear selector position until the next ignition cycle. An overloaded instrument panel control module also prevents the rearview camera image from displaying, which does not comply with the requirements of FMVSS No. 111; Rear Visibility"
    • NHTSA Recall 20V-439
  • Backup Camera Image Disappears (Nissan) / July 2020
    • "When the shifter is in Reverse and the following conditions occur within 25 seconds of head unit cold start, the Around View Monitor (AVM) and Rear View Monitor (RVM) rearview image disappears and is replaced with the previous screen display: 1. If the driver presses "OK" to acknowledge the sonar pop-up display on the combi meter; or 2. If the reverse driving speed is 7.5 mph or greater."
    • "The analysis revealed the issue could only occur within twenty-five (25) seconds after “cold start” while the head unit may experience a higher CPU load. ...  Nissan determined that the camera priority mode setting within the head unit software was incorrect, resulting in the potential for the camera image display to disappear and revert to the previous screen during a backing event under these very specific set of vehicle and driver conditions."
    • NHTSA Recall 20V-412 
  • ESP software issue (Mercedes-Benz) / July 2020
    • "These investigations indicated that the ESP System might not have been adapted for the different brake types as required. The ESP Software was reviewed and corrected. In the course of this software review it was identified that the failure mode system for a failure of the brake negative pressure supply might not have been implemented into the software as intended. An updated software was introduced..."
    • "Further analysis was started together with the supplier. This analysis showed that the software integrated yaw rate sensor diagnosis might not be active in all situations. Additional analyses were initiated to determine the limits of the yaw rate sensor diagnosis. It was found that a potential yaw rate sensor drift might not be recognized in a key cycle, if a regulating ESP intervention was simultaneously activated during the yaw rate sensor diagnosis."
    • "The investigations indicated that in the event of an unidentified yaw rate sensor drift, an ESP intervention might not correspond to the current driving situation. In addition, analyses regarding the probability of a simultaneous regulating ESP intervention during the yaw rate sensor diagnosis were started. These analyses showed, that due to the short time span of the sensor diagnosis run, this simultaneous event would be very unlikely, but could not be completely ruled out."
    • "This might lead to an ESP intervention that does not correspond to the driving situation which could increase the risk of a crash."
  • Remote Smart Parking Assist unintended movement (Hyundai) / Apr. 2020
    • "The RSPA feature in the subject vehicles is programmed with a “fail-safe” mode that will prevent vehicle movement upon detection of a system malfunction during normal operation. In limited instances, an error in the RSPA software programming could cause the vehicle to continue to move in its last commanded direction even while a system malfunction is detected."
    • "Unintended movement of an unoccupied vehicle could increase the risk of a crash and injury to bystanders"
    • NHTSA Recall 20V-213
  • Trailer lights (Jaguar) / Mar. 2020
    • "failure to illuminate the trailer lights when the trailer was electronically connected to a vehicle and the vehicle was in motion but no evidence of a failure when stationary."
    • NHTSA Recall 20V-143
  • Automatic emergency braking may not engage (Volvo) / Mar. 2020
    • "Automatic Emergency Brake System (AEB), a part of the driver support system - intellisafe, may not always engage which could increase the risk of collision"
    • "Due to the missing software code the ASDM is not fully compatible with the new hardware that was introduced 19w04."
  • Electronic Brake Software Error (GM) / Jan. 2020
    • "This software has an error, and as a result, the vehicle's electronic brake assist may be disabled."
    • "While receiving service at a GM dealership for an unrelated condition, these vehicles may have received the pre-launch version of the electronic brake control module (EBCM) software intended as the remedy in NHTSA Recall 19V889. This pre-launch EBCM software contains an error. If (i) the vehicle is started remotely using the Onstar mobile app or (ii) the driver enters the vehicle and waits five or more minutes before starting the vehicle using the ignition, this software error can, in rare cases, disable the vehicle’s electronic brake assist and illuminate the ESC, ABS and BRAKE telltales."
    • NHTSA Recall 20V-055
    • (See also NHTSA Recall 19V-889 ECBM Software Error)
  • Transmission may shift unexpectedly (Kalmar) / Jan 2020
    • "The transmission tailshaft speed sensor can be affected by electromagnetic interference, causing the transmission to shift unexpectedly."
    • "This can result in erratic shifting of the transmission. This erratic shifting may cause the vehicle to move unexpectedly"
    • NHTSA Recall 20V-020
  • Emergency braking can activate unexpectedly (Mazda) / Dec 2019
    • "Incorrect programming of the SBS control software may cause the vehicle to falsely detect an obstacle in front of the vehicle while driving. In certain cases, the SBS control software may automatically apply the vehicle brakes to prevent or reduce damage from a collision, even though no collision is imminent. "
    • "If the SBS automatic emergency braking system unexpectedly activates while driving, the risk of a rear-end crash from a following vehicle may increase"
    • NHTSA Recall 19V-907
  • Unintended activation of one rear brake (Harley-Davidson) / Nov 2019
    • "The Trike Traction Control System software used on the subject motorcycles may respond incorrectly to a faulty rear wheel speed signal by activating one of the rear brakes."
    • "Unintended activation of one rear brake could lead to an unexpected change in vehicle direction which may increase the risk of a crash."
    • "a Service Request involving a customer report that the traction control system on a 2019 Trike FLHTCUTG activated unexpectedly, causing the vehicle to veer off the intended course and crash (with injuries). (This vehicle was later inspected by H-D personnel, but no defects were found or pre-crash Traction Control fault codes indicated.)" ... 5 potential incidents disclosed in chronology document.
    • NHTSA Recall 19V-843
  • Software error may cause unintended braking (GM SUVs) / Oct. 2019
    • "If a wheel-speed sensor fails in these vehicles, a software error in the vehicle’s electronic-brake control module (EBCM) can cause the vehicle’s driveline-protection system to activate...  If the driveline-protection system activates, the driver will experience unintended braking on the wheel on the opposite side of the failed sensor."
    • "The axle-ratio calibrations in the vehicles’ EBCMs are incorrect, which can cause the EBCM to incorrectly calculate the speed of a wheel that has a faulted wheel-speed sensor. In specific vehicles and in specific operating conditions— driving between the speeds of 41 and 60 mph in four-wheel drive or automatic mode—this error can trigger the vehicle’s driveline-protection system."
    • NHTSA Recall 19V-761
  • Anti-roll back activation moves vehicle (Cummins) / Oct 2019
    • " anti-roll back feature in the VCU may unexpectedly command high motor torque under certain circumstances, resulting in unexpected vehicle motion."
    • "Cummins received a report of two claims of unintended motion in a single Blue Bird school bus."
    • NHTSA Recall 19E-070
  • ECM may disable fuel injectors (GM Malibu) / Sep. 2019
    • "Under certain conditions, an error in the vehicles’ engine control module (ECM) software can cause data used by the ECM to become corrupted. When this occurs, the ECM may send a signal disabling the engine’s fuel injectors."
    • "In rare cases this condition can cause the engine to stall at speed and without warning, increasing the risk of a crash. The condition is caused by an error in the ECM software, which was programmed by GM’s supplier of the modules."
    • NHTSA Recall 19V-642
  • Tail lights may dim or switch off (Daimler Vans) / Aug 2019
    • "If the manual turn-switch that activates the vehicle lights is turned quickly from one lighting position to another, the brightness of the taillights can be significantly reduced or could switch off completely."
    • "Daimler AG’s testing eventually found that by moving the manual lighting switch in the vehicle quickly (≤ .5 seconds), the brightness of the taillights is affected; however, the condition does not occur if the switch is moved more slowly"
    • "analysis revealed that an incorrect software version had been used."
    • NHTSA Recall 19V-591
  • Collision avoidance assist may not engage (Kia) / Jul. 2019
    • "A software error in the Forward Collision-Avoidance Assist (FCA) system may cause the braking assist function to not engage when a stationary vehicle is detected."
    • "The inability of the braking assist function to work properly may not reduce the risk of impact in a potential frontal collision."
    • NHTSA Recall 19V-539
  • Active brake assist may not engage (Mercedes-Benz) / Jul. 2019
    • "In these tests, the autonomous braking of the Active Brake Assist feature only performed sporadically."
    • "Due to the impaired signal matching of the radar sensor, the autonomous partial or full braking might not function as intended. In this case the vehicle’s Active Brake Assist feature for reducing or avoiding collisions would be impaired, increasing the risk of an injury or a crash."
    • "Due to an incorrect coding by the supplier, the radar sensor control unit software might not meet current production specification"
    • NHTSA Recall 19V-540
  • Software error may cause engine stall (Mazda) / June 2019
    • "Loss of engine power and/or engine stall may occur during certain driving conditions due to a software error in the computer that controls engine operation. ... Loss of engine power or engine stall without the ability to be restarted can occur while driving, which may increase the risk of a crash."
    • "On certain Powertrain Control Modules (PCM), the software controlling the hydraulic valve clearance adjuster may operate improperly when transitioning from cylinder deactivation to full cylinder activation modes. As a result, an intake valve rocker arm may come out of position and make contact with internal engine parts, which may cause an engine misfire, loss of engine power, and/or Malfunction Indicator Light (MIL) illumination."
    • NHTSA Recall 19V-497
  • Regenerative brake system may fail (Jaguar) / May 2019
    • "in the event of electrical regenerative brake system failure, the time to achieve the required compensation from the initial brake request does not meet the requirements of Federal Motor Vehicle Safety Standards (FMVSS) 135 S 5.1.3 (Regenerative Braking Systems)."
    • "The driver will experience a momentary reduction of deceleration at the moment of loss of electrical regenerative braking until the foundation brakes function."
    • NHTSA Recall 19V-351
  • High beams may not deactivate (Daimler) / Apr. 2019
    • "the high-beam cannot be deactivated again through the lever for the high-beam function if there is a camera malfunction due to a software error in the control unit "body controller”. In this case, the high-beam could only be deactivated by the customer after a change of ignition, or by turning the rotary-switch for the lights from the position "automatic headlights", to the position "manual headlights""
    • NHTSA Recall 19V-309
  • ORC module may disable safety features (Chrysler) / Apr. 2019
    • "an occupant restraint controller (“ORC”) with suspect software that may inadvertently disable certain passive safety features."
    • "The ORC’s “special features/function configuration” memory may be incorrectly updated when certain diagnostic service tools are used to send a specific read request to the ORC. This incorrect update may inadvertently disable certain passive safety features controlled by the ORC."
    • "An incorrectly updated ORC may not properly command deployment of certain passive safety features when warranted, increasing the potential risk and severity of occupant injury in a crash"
    • NHTSA Recall 19V-287
  • Ignition timing may damage engine (Hyundai) / Mar. 2019
    • "The engine management software may cause premature ignition (pre-ignition) of the air/fuel mixture in the engine.  The resulting excessive cylinder pressure may damage the engine."
    • "The engine management software installed on the engine electronic control units (“ECU’s”) in the subject vehicles could cause premature ignition of air/ fuel mixture in the engine cylinder (“pre-ignition”). Pre-ignition in an engine cylinder could cause excessive cylinder pressure eventually leading to engine damage. A damaged engine could lead to a high-speed stall and, in limited cases, a vehicle fire."
    • NHTSA Recall 19V-204
  • Adaptive cruise control may fail to deactivate (FCA/Alfa Romeo) / Mar. 2019
    • "The Brake System Module (BSM) software may prevent the driver from disabling the Adaptive Cruise Control (ACC) after the traction control system detects a specific wheel slip."
    • "In certain circumstances while ACC is active and the traction control detects a specific wheel slip, it is possible for a positive torque request to be locked by the BSM which may result in unexpected acceleration. If the driver does not shift to neutral or apply the brakes to stop the vehicle this condition can cause a vehicle crash without prior warning."
    • NHTSA Recall 19V-148
  • "Automatic braking systems in some Nissan Rogues are going rogue, safety group says" / Mar 2019
  • "Alfa Romeo recalling 60,000 vehicles to repair cruise management fault" / Mar 2019
  • Transmission software may cause abrupt downshift (Chrysler) / Feb. 2019
    • "Due to incorrect programming of the Transmission Control Module (TCM), certain conditions may cause the vehicle to unexpectedly downshift and abruptly decelerate."
    • "In the affected vehicles equipped with automatic transmissions, electrical noise in the range signal may be detected while driving in Drive mode (including “Manual” mode). Due to inappropriate control logic of the clutch control software in the Transmission Control Module (“TCM”), this signal noise may cause the vehicle to unexpectedly downshift, causing an abrupt deceleration of the drive wheels."
    • "A sudden decrease in the speed of the drive wheels while driving may : negatively affect the directional stability of the vehicle, increasing the risk of a loss of vehicle control, and can cause vehicle crash without prior warning 
    • NHTSA Recall 19V-068    (See also Mazda NHTSA Recall 19V-072)
  • Unexpected transmission downshift (Ford) / Feb 2019;  1,263,051 vehicles
    • "recalling certain 2011-2013 F-150 vehicles equipped with a 6-speed automatic transmission. The transmission may unexpectedly downshift into first gear, regardless of vehicle speed."
    • "ODI has received 455 unique reports related to the alleged problem that were not covered under a previous recall for this issue (16V-248). ... Of those 455 reports, 34.7% claimed that the rear wheels locked up when the transmission downshifted. There were 4 accident claims with no injuries. There are many instances where drivers report leaving their lane or the road because of this issue."
    • "In response to ODI's Information Request (IR) letter, Ford Motor Company (Ford) responded with 783 unique reports related to the alleged problem. There were 6 accident claims with 3 injuries. Ford also submitted 1206 warranty claims related to transmission downshifting failures. The failure can occur at any time, but typically at higher speed, and include symptoms such as sudden transmission downshifting, loss of speedometer, erratic shifting of transmission, and transmission stuck in one gear. The failures typically occur without warning and may result in the rear wheels momentarily locking up. The driver often had to fully stop the vehicle and restart it to get the vehicle to shift properly."
    • "Per Ford, some vehicles may experience an intermittent loss of Transmission Output Speed Sensor (OSS) signal to the Powertrain Control Module (PCM), potentially resulting in a temporary unintended downshift into first gear."
    • NHTSA Recall 19-075 based on ODI investigation. (See also NHTSA Recall 19-433 "[vehicles] previously had the powertrain control module (PCM) software reprogrammed under recall 19V-075. The software used to reprogram the PCM did not have the necessary updates to prevent the transmission from unexpectedly downshifting into first gear, regardless of vehicle speed.")
  • Failure of hands-off the wheel alerts (Ford/Lincoln) / Jan. 2019
    • "The Lane Center Assist system may not adequately detect if a driver has their hands off the steering wheel for a prolonged period of time."
    • "The production variation of the Adaptive Front Steering (AFS) mass offset/ inertia and upstream steering friction may apply higher than expected torque to the steering wheel. This torque could be incorrectly interpreted as the driver’s hands being on the wheel."
    • NHTSA Recall 19V-031
  • Vehicle may lose power (Honda) / Dec. 2018
    • "The software programming remedy for NHTSA Recall 18V-068 did not completely countermeasure the potential defect of motive power loss due to misinterpretation of a small decrease in cell voltage. As a result, the Fuel Cell (FC)-ECU could misinterpret a small cell voltage drop as the deterioration of the fuel cell stack possibly causing the warning indicator to illuminate."
    • "Honda learned that the previous countermeasure software for NHTSA recall 18V-068 did not appropriately detect the slight deterioration in the pair of end part cells. Rather, the software was designed to measure cell membrane deterioration in an individual cell. If cell membrane deterioration in a pair of cells was insufficient in meeting the detection threshold standard, the cumulative small drop in voltage from the pair of cells could be misinterpreted as fuel cell stack deterioration and potentially result in a loss of motive power."
    • NHTSA Recall 18V-921
  • Active driving system may not detect hands off (Mercedes-Benz) / Dec. 2018
    • "When the Active Steering Assist is active, the Hands-off-Detection (“HoD”) function monitors whether and how long the driver takes the hands off the steering wheel. This monitoring is performed by measurement of internal torque values of the steering system. In case of the identified malfunction, the Active Steering Assist could remain active permanently despite the driver leaving his hands off the steering wheel over a longer period of time."
    • "due to incorrect steering control unit software parameters, the Active Steering Assist feature might not reliably detect the removal of the driver’s hands from the steering wheel."
    • NHTSA Recall 18V-910
  • Passenger airbag might not deploy properly (Mercedes-Benz) / Dec. 2018
    • "Due to a deviation in the development process, the airbag control unit software parameters might not meet production specifications."
    • "the airbag control unit software parameters might not meet production specifications This might lead to a delayed activation of the passenger airbag in the defined crash test for “unbelted 5th percentile adult female. In case of a crash this might lead to increased occupant loading and thus to an increased risk of injury for the front passenger."
    • NHTSA Recall 18V-905
  • Intermittent loss of power steering assist (Porsche) / Dec. 2018
    • "A software failure may result in an intermittent loss of electric power steering assist."
    • NHTSA Recall 18V-898
  • Powertrain control unit may reset causing stall (Mercedes-Benz) / Oct. 2018
    • "a reset in the Central Powertrain Controller (CPC) control unit could occur while driving due to a software error."
    • "If the reset occurs during ECO Stop the engine will not restart as intended. In addition, vehicles could coast due to engine stalling. In this case the engine can be restarted while coasting. An engine stall while driving might increase the risk of a crash."
    • NHTSA Recall 18V-761
  • Incorrect software for air bag control unit (Mercedes-Benz) / Oct 2018
    • "Due to an error during production, certain AMG GT vehicles may have incorrect software parametrization"
    • "In the event of a crash at lower speeds requiring only a first-stage frontal airbag deployment, the second stage deployment could also be inadvertently activated. This could increase the risk of injury for a passenger"
    • NHTSA Recall 18V-724
  • Hybrid system may shutdown and cause stall (Toyota) / Oct. 2018
    • "Excessive voltage in the Intelligent Power Module (IPM) within the inverter may cause the hybrid system to shut down, causing the vehicle to stall while being driven."
    • "Due to certain characteristics of the software used to control the boost converter in the IPM, higher thermal stress could occur in specific transistors in the IPM under high-load driving such as accelerating during highway driving. If this occurs, it could damage those transistors over time..."
    • "In addition, if a specific transistor within the IPM fails in a certain way during a high-load driving condition, such as during hard acceleration, there is a possibility for an abnormally high voltage to be generated that could exceed a certain limit in the software and IPM circuit design. If the motor/generator ECU resets or this abnormally high voltage is generated, there is the possibility that the hybrid system could shut down instead of entering a failsafe driving mode"
    • "Toyota isssues second prius recall in a month on crash risk" / Oct 2018
    • NHTSA Recall 18V-684
  • "Ford recalls 1.5 million Ford Focus cars that could stall with fuel tank problem" / Oct 2018
  • "Toyota recalls trucks, SUVs and cars to fix air bag problem" / Oct 2018
    • "Toyota says the air bag control computer can erroneously detect a fault when the vehicles are started. With a fault, the air bags may not deploy in a crash. The company wouldn't say if the problem has caused any injuries."
    • https://www.abc57.com/news/toyota-recalls-trucks-suvs-and-cars-to-fix-air-bag-problem

  • Incorrect ECU programming causing stall (BMW) / Sep. 2018
    • "A review was conducted which showed that the vehicle’s engine control unit had been programmed with incompatible software during a service visit at a dealer"
    • "Incompatible software could lead to stalling when the engine is cold, and increase the risk of a crash."
    • NHTSA Recall 18V-684
  • Engine misfire may cause heat damage (Alfa Romeo) / Sep. 2018
    • "engine control software with inadequate catalyst overheat protection"
    • "may experience engine misfire conditions that can lead to elevated catalytic converter temperatures."
    • "If certain engine compartment wiring or components are damaged, the customer may experience an engine stall resulting in a sudden loss of motive power, which can cause a vehicle crash without prior warning. In rare incidents, an engine compartment fire may occur which may result in an increased risk of injury to motor vehicle occupants or persons outside the vehicle." "a burning odor may be noticeable prior to an engine stall or engine compartment fire."
    • NHTSA Recall 18V-636
  • Autonomous emergency braking system failure (Land Rover) / Sep. 2018
    • " A concern has been identified on certain 2018MY Land Rover Range Rover, Range Rover Sport and Discovery vehicles where the Autonomous Emergency Braking (AEB) feature will not be available. A warning message will not be displayed on the instrument cluster to inform the driver AEB is unavailable"
    • NHTSA Recall 18V-625
  • "GM recalls more than 1M pickups, SUVs for power steering problem" / Sept. 2018
    • 30 crashes; two injuries, no deaths attributed
    • Voltage drop and return causes momentary power steering failure; fixed via software update
    • https://www.freep.com/story/money/cars/general-motors/2018/09/13/gm-recall-pickups-suvs-power-steering/1287911002/
  • Safety systems may be disabled when in use (Mitsubishi) / Sep 2018
    • " Due to an inappropriate software in hydraulic unit ECU (H/U-ECU), electrical noise is generated when the pump motor of the H/U operates, causing the H/UECU to reset. As a result, the following conditions may occur depending on which system is in operation if equipped:
      • If ACC system and/or FCM system is in operation, automatic braking will be cancelled.
      • If ABS is in operation, wheels will lock momentarily.
      • If ASC is in operation the electrical stability control function will be cancelled momentarily.
      • If Brake Auto Hold (BAH) function is in operation, brake will be released."
    • NHTSA Recall 18V-621
  • System may not correct for lane departure (Mercedes-Benz) / Sep 2018
    • "The software calibration for the Active Lane Keeping Assist may be incorrect, and as a result, the system may not intervene in the event of an unintended lane departure while traveling faster than 65 miles an hour."
    • NHTSA Recall 18V-607
  • Temporary loss of electric power steering (EPS) (GM) / Sep 2018
    • "These vehicles may experience a temporary loss of EPS assist followed by a sudden return of EPS assist, particularly during low-speed turning maneuvers"
    • "Events that demand high current, such as low speed turns, can cause temporary low voltage conditions. When the system voltage drops below 8.8 volts for more than 1 second—e.g., during low-speed turns—EPS assist is disabled until voltage returns to 9 volts for a minimum of 40 milliseconds, at which point EPS assist returns"
    • "The loss and sudden return of EPS assist typically happens within a 1 second period and is caused by an electrical/software issue"
    • NHTSA Recall 18V-586
  • "Expert investigation says BMW software to blame" / Aug 2018
  • "Fiat Chrysler recalls 5.3 million vehicles for cruise control defect" / May 2018
  • Incorrect Speed Limitation Software (Mercedes-Benz) / Jul 2018
    •  These vehicles may be equipped with the incorrect reverse speed limitation software. While in reverse, any abrupt changes in steering while exceeding 16 MPH may cause the vehicle to become unstable.
    • NHTSA recall 18V-457
  • Cruise control may not disengage (FCA) / Jun 2018
    • "The fault handling strategy of the Powertrain Control Module (PCM) software on about 865,600 of the above vehicles does not remove positive torque requests from the engine controller if the CAN-C bus stops communicating while the cruise control is requesting positive torque."
    • "it is possible for a positive torque request to be locked on the PCM which may result in either the vehicle maintaining its current speed or possibly accelerating"
    • NHTSA recall 18V-332
  • Cruise control may not disengage (Mercedes-Benz) / 2017
    • ESP software malfunction may cause engine not to reduce power regardless of speed, driving situation, or brake application.
    • NHTSA recall 17V-713
  • "Fiat Chrysler recalls 1.25 million trucks over software error" / 2017
  • Unintended vehicle movement (Ford) / 2017
    • Quick movement of gear shift can cause up to 1 second selection of reverse gear when shifting into intended drive (forward) gear.
    • NHTSA recall 17V-669
  • Air bags may not deploy in a crash (Mitsubishi) / 2017
    • SRS ECU misinterprets vibrations, disabling air bags from deploying in a crash
    • NHTSA recall 17V-686
  • Unintended acceleration failsafes "missing" (Dodge) / 2016
  • Inadvertent Side Air Bag Deployment (Chrysler) / 2015
    • Unexpected side airbags may unexpectedly deploy due to incorrect software calibration; may result in crash or injury
    • NHTSA Recall 15V-460 and 15V-467
  • Radio Software Security Vulnerabilities (Chrysler) / 2015
    • Exploitation of the software vulnerability may result in unauthorized remote modification and control of certain vehicle systems, increasing the risk of a crash.
    • NHTSA Recall 15V-461, 15V-508
  • "Toyota recalls 625,000 hybrids: Software bug kills engines dead with thermal overload" / July 2015
    • Software settings for motor/generator ECU cause thermal damage, then propulsion shutdown
    • https://www.theregister.co.uk/2015/07/15/toyota_recalls_625000_hybrids_over_enginekilling_software_glitch/
    • Note previous recall 14V-053 for similar sounding problem
  • Tire pressure monitoring system message (Ferrari) / 2015
    • TPMS displays 50 mph speed limit warning instead of "do not proceed" warning due to software defect. Driving on punctured tire would cause loss of vehicle control and crash.
    • NHTSA Recall 15V-306
  • Airbag Incorrect Deployment Timing (BMW) / 2015
    • Driver front air bag timing incorrect / fails to meet FMVSS 208 due to programming error
    • NHTSA Recall 15V-148 
  • Passenger Air Bag may be disabled (Jaguar) / 2015
    • Light weight adult may be misclassified, disabling air bag
    • NHTSA Recall 15V-093
  • Unintended side air bag deployment (Chrysler) / 2015
    • Unintended side curtain and seat air bag deployment during operation / software reflash
    • NHTSA Recall 15V-041
  • Brake controller might not activate trailer brakes (Ford) / 2015
    • Trailer brakes not activated when towing, lengthening stopping distance, increasing risk of crash. Fixed via powertrain control module reflash.
    • NHTSA Recall 15V-710
  • On but unattended vehicle may cause CO poisoning (GM) / 2015
    • Vehicle may turn on gasoline engine to recharge hybrid battery, causing carbon monoxide poisoning (e.g., if car is in garage)
    • NHTSA Recall 15V-145
  • Incorrect electric power steering software setting (Jaguar) / 2015
    • Power steering set in factory operating mode. Vehicle can experience additional steering inputs from EPS causing driver to lose ability to control the vehicle.
    • NHTSA Recall 15V-569
  • Air bag may not detect passenger in seat (Nissan) / 2015
    • Configuration management error: incorrect occupant classification software version installed, resulting in no air bag deployment
    • NHTSA Recall 15V-681
  • "Honda admits software problem, recalls 175,000 hybrids" / July 2014
  • Transmission calibration error (Ford) / 2014
    • Due to software calibration error vehicle may be in and display "drive" but engage "reverse" for 1.5 seconds.
    • NHTSA Recall 14V-204
  • Headlights may unintentionally turn off (Motor Coach Industries) / 2014
    • A mux controller may unintentionally turn off headlights while vehicle is in gear
    • NHTSA Recall 14V-370
  • Brake vacuum pump may stop functioning (Mitsubishi) / 2014
    • Software defect causes false detection of stuck relay, disabling brake power assist
    • NHTSA Recall 14V-522
  • Loss of brake vacuum assist (GM) / 2014
    • Loss of power brake assist; fixed with software reflash
    • NHTSA Recall 14V-247
  • Reprogram sensing and diagnostics module (GM) / 2014
    • Module left in "manufacturing mode" when shipped, disabling airbags
    • NHTSA Recall 14V-247
  • Passenger airbag may be disabled (Jaguar) / 2014
    • EEPROM wearout (which is due to a software defect) causes airbag to be partially or totally disabled
    • NHTSA Recall 14V-395
  • Hybrid transmission software (Champion Bus) / 2014
    • Software may improperly raise vehicle's engine speed during downshifts without the driver's input. The increase in speed may result in unintended acceleration.
    • NHTSA Recall 14V-303  (See also 14V-043; 14V-043 Navistar; 14V-026 Kenworth)
  • Cruise control unintended continued acceleration (Chrysler) / 2014
    • Unintended continued acceleration after releasing accelerator due to adaptive cruise control software; may increase risk of crash
    • NHTSA Recall 14V-293
  • Side-curtain rollover airbag deployment delay (Ford) / 2014
    • Errors in the programming software which may result in delayed deployment of side-curtain rollover airbag
    • NHTSA Recall 14V-237
  • Improper seat belt restraint software (Toyota) / 2014
    • Improper software can use insufficient force in crash (e.g., 110 pound passenger force for larger passenter)
    • NHTSA Recall 14V-272
  • Air bag may not detect passenger in seat (Nissan) / 2014
    • Software may incorrectly classify passenger seat as empty; airbag will not deploy
    • NHTSA Recall 14V-138
  • Vehicle may gradually accelerate unexpectedly (Nissan) / 2014
    • If lost signal from throttle position sensor is regained (intermittent fault) fail-safe mode is deactiveted, opening throttle resulting in "gradual" acceleration due to software error.
    • NHTSA Recall 14V-583
  • Inadvertent Air Bag deployment (Ram) / 2014
    • Side air bags deploy when hitting potholes; fixed via software update
    • NHTSA Recall 14V-528
  • Side airbags may deploy on the incorrect side (Chrysler) / 2013
    • Airbag on the wrong side of the vehicle could deploy, leaving occupants with no airbag protection at point of impact due to a software defect
    • NHTSA Recall 13V-283
  • Delayed deployment or non-deployment of airbags (Chrysler/Jeep) / 2013
    • Airbag deployment delayed or no airbag deployment in rollover due to software defect
    • NHTSA Recall 13V-233
  • Airbag deployment software (Chrysler) / 2013
    • Incorrect software installed; air bags may not deploy or might deploy improperly
    • NHTSA Recall 13V-291
  • Improper occupant classification / 2012
    • Incorrect software installed that misclassifies passengers; airbag might not deploy when it should, deploys incorrectly, or deploys when it should not
    • NHTSA Recall 12V-198
  • Occupant classification system (Hyundai) / 2012
    • Software might miss small stature adults and not deploy airbag.
    • NHTSA Recall 12V-354 
  • Cruise Control System/Brake Switch Failure (Mercedes-Benz) / 2011
    • Brake pedal may not automatically disengage cruise control as expected. (Other methods still work.)  If driver pumps brakes it will take unusually high force to stop vehicle.
    • NHTSA Recall 11V-208
  • Engine stall prevention assist software (Honda) / 2011
    • Unexpected vehicle movement from ECU software providing hybrid electric power and unexpectedly moving vehicle in reverse direction if the engine stalls.
    • NHTSA Recall 11V-458
  • Loss of steering power assist (Toyota) / 2010
  • "Toyota: software to blame for Prius brake problems" / 2010
  • ABS ECU Programming (Toyota) / 2010
    • Inconsistent brake feel; increased stopping distances for a given pedal force due to ABS programming, raising the possibility of a crash.
    • NHTSA Recall 10V-039
  • Restraint control module (Land Rover) / 2009
    • Passenger airbag disabled as a result of temporary loss of CAN network messages and a software defect
    • NHTSA Recall 09V-467
  • Double Clutch Gearbox (BMW) / 2008
    • Engine stall increasing risk of a crash due to software multistage downshift defect
    • NHTSA Recall 08V-595
  • Passenger sensing system (GM) / 2008
    • Software condition within passenger sensing system may disable passenger air bag (or enable when it should be disabled).
    • NHTSA Recall 08V-582
  • Passenger air bag fail to deploy (Nissan) / 2008
    • Passenger air bag might not deploy due to low battery voltage combined with software defect
    • NHTSA Recall 08V-066
  • Engine Control Module Software Update (VW) / 2008
    • Software defect can cause unexpected engine surge that can "result in a crash without warning."
    • NHTSA Recall 08V-235
  • SRS Electronic control unit software (Maserati) / 2007
    • Passenger air bag might not deploy if car battery is not fully charged due to software defect
    • NHTSA Recall 07V-550
  • SRS control unit software (Volvo) / 2007
    • Two software errors result in late deployment of side airbags
    • NHTSA Recall 07V-500
  • Passenger side airbag does not deploy (Volkswagen) / 2006
    • A weak battery could cause air bag control unit to deactivate due to a software defect; airbag will not deploy in a crash
    • NHTSA Recall 06V-454
  • Electronic Throttle Control (GM) / 2006
    • ETC torque monitoring failsafe disabled, permitting throttle opening greater than commanded (i.e., UA) due to a software defect
    • NHTSA Recall 06V-007
  • Powertrain control module (DaimlerChrysler) / 2006
    • Software can cause momentary lock up of drive wheels at speeds over 40 mph if operator shifts from drive to neutral and back.
    • NHTSA Recall 06V-341
  • BMW/Driver's seat occupant detection system / 2004
    • Software can't reliably determine if driver seat is occupied; airbag may not deploy.
    • NHTSA Recall 04V-379
  • Jaguar/Forward drive gear / 2004
    • Selecting forward drive gear could select reverse while in forward motion, without indication. (Apparent limp home mode logic defect.)
    • NHTSA Recall 04-024
  • BMW/ENgine Idle Speed/DME Idle Control / 2003
    • Increase of idle speed up to 1,300 RPM. If a gear is selected, the driver may feel as if the vehicle is being pushed.
    • NHTSA Recall 03V124
  • KIA/ABS Electronic Control Module / 2003
    • programming error in ABS cases reduced braking force at speeds below 25 mph, extending stopping distances
    • NHTSA Recall 03V-158
  • "GM Admits Brake Flaws After Inquiry" / July 1999
  • Chrysler/Interior systems: air bag / 1996
    • Air bag software error which can delay air bag deployment
    • NHTSA Recall 96V-060

    Noteworthy: These are software-related problems with cars that are worth knowing about, but less black and white because, for example, there has been no general recall issued.
    Notes:  
    • To access NHTSA recalls you need to visit https://www.nhtsa.gov/recalls then select Vehicle then select "search by NHTSA ID" which can take a few mouse clicks to find on the indicated NHTSA web site.  (It might be the interface has changed since I posted this; you might need to poke around to find the lookup function.)
    • This is a work in progress and a VERY incomplete list.  I thought this would be a one-day exercise, but, well, no. If you know of something really important I've missed, please let me know!  More importantly, if you know of someone who is interested in maintaining a list like this, especially as a more rigorous academic study, I'd be happy to collaborate.  I simply don't have the time to keep up with this.
    • Reasonable people can perhaps disagree about the inclusion or exclusion of some items. But the point is really more about the volume rather than any individual item. By definition each recall is a defect that should not have been shipped, because it resulted in a recall.  I've paraphrased the recall reports. If you want to know more be sure to look at the supporting documents on the NHTSA web site, which often have more details than the summaries.
    • To be "deadly" these defects have to be software faults that either have caused, could reasonably cause, or should have reasonably prevented significant injury or death. (This includes defects in failsafes, for example) A partial list includes: un-commanded acceleration (UA), stalling at speed (dangerous when merging onto a highway), failure to deactivate cruise control, extended braking distances, airbag disablement, and incorrect airbag deployment.  What happens in practice depends upon the circumstances.
    • This should not be construed to be an expert opinion of root cause of any particular mishap. I am summarizing publicly available information and have not independently verified the technical facts in each case. Those public sources might be incorrect, or I might not have fully understood the implications of the statements in those sources. Again, this is more about the overall trend and not any particular incident report.
    • There are plenty of commenters who say things for unintended acceleration like "just apply the brakes, because brakes always overcome the engine." First, this is simply not true in many situations due to loss of vacuum assist, drivers with weak leg strength etc. A single point fault or sufficiently likely multi-point fault should not be trying to kill the occupants in the first place, so it's still a defect.
    • The air bag software problems were found in: https://www.autosafety.org/staging/wp-content/uploads/import/Historical%20Airbag%20Recalls_1.pdf  I independently verified them on the NHTSA database.
    • I independently verified on the NHTSA database some drivetrain recalls found here: https://www.autosafety.org/sites/default/files/imce_staff_uploads/Exemplary%20Vehicle%20Software%20Recalls.pdf
      and here: https://www.autosafety.org/wp-content/uploads/2016/04/2014-15-Software-Recalls.pdf
    • If you want to go exploring, you can download a copy of the raw database here that I used for some of the other defects: https://www-odi.nhtsa.dot.gov/downloads/

    2 comments:

    1. This is an eye-opening list for me and thanks for showing the gold mine of how to get these information from NHTSA (in fact they are openly available). Following your suggestion, my substantive comment here is - Gone are the days where an automotive vehicle got shipped and rarely got updates. With OTA updates being the norm these days without visiting a service center, there is little time before issues are captured by independent agencies & made public. I also found the automaker is not bound to share them all. What is the regulatory structure here for making all these OTA updates (that are not necessarily improvement but safety aspect) brought to broad light and available to public? We need to promote technological innovation but not at the cost of safety.

      ReplyDelete
    2. From what I've heard there is no real regulatory oversight on OTA updates.

      So-called Service Campaigns and Customer Satisfaction Campaigns have been a thing for a while. OTA just makes it easier to do.
      https://www.consumeraffairs.com/news/in-service-campaigns-car-companies-allegedly-downplay-defects-linked-to-poisoning-crashes-and-fires-051718.html

      ReplyDelete

    Please send me your comments. I read all of them, and I appreciate them. To control spam I manually approve comments before they show up. It might take a while to respond. I appreciate generic "I like this post" comments, but I don't publish non-substantive comments like that.

    If you prefer, or want a personal response, you can send e-mail to comments@koopman.us.
    If you want a personal response please make sure to include your e-mail reply address. Thanks!

    Static Analysis Ranked Defect List

      Crazy idea of the day: Static Analysis Ranked Defect List. Here is a software analysis tool feature request/product idea: So many times we...