CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-5624

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile15.97th
Published2017年3月12日
Last Modified2026年5月13日

Vulnerability Description

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will not verify the system partition (and any other dm-verity protected partition), which may allow for persistent code execution and privilege escalation.

Affected Platforms (CPE)

💻
Oneplus

Oxygenos

<= 4.0.2

References & Advisories

🔗 https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/
🔗 https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/

相关漏洞威胁

CVE-2017-56269.8

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the at...

CVE-2017-55548.1

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot m...

CVE-2017-59476.8

An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the devi...

CVE-2017-56236.6

An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device b...