CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-5554

HIGH
8.1
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile28.50th
Published2017年1月23日
Last Modified2026年5月13日

Vulnerability Description

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive.

Affected Platforms (CPE)

💻
Oneplus

Oxygenos

<= 3.2.8
💻
Oneplus

Oxygenos

<= 3.5.4

References & Advisories

🔗 http://www.securityfocus.com/bid/95706
🔗 https://securityresear.ch/2017/01/11/fastboot-oem-selinux-permissive/
🔗 https://www.xda-developers.com/oneplus-33t-bootloader-vulnerability-allows-changing-of-selinux-to-permissive-mode-in-fastboot/
🔗 http://www.securityfocus.com/bid/95706
🔗 https://securityresear.ch/2017/01/11/fastboot-oem-selinux-permissive/
🔗 https://www.xda-developers.com/oneplus-33t-bootloader-vulnerability-allows-changing-of-selinux-to-permissive-mode-in-fastboot/

関連する脆弱性情報

CVE-2017-56249.8

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader ...

CVE-2017-56269.8

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the at...

CVE-2017-59476.8

An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the devi...

CVE-2017-56236.6

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device b...