NVD

Id
83229  
Name
CVE-2017-5624  
Description
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disabled, the kernel will not verify the system partition (and any other dm-verity protected partition), which may allow for persistent code execution and privilege escalation.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-03-18  
Published
2017-03-12  
Modified Date
2017-03-14  
Seq
2017-5624  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
409049 83229 CVE-2016-3052 http://www.ibm.com/support/docview.wss?uid=swg21998660  View
409050 83229 CVE-2016-3052 http://www.ibm.com/support/docview.wss?uid=swg21998660  View
411294 83229 CVE-2017-0535 96833  View
411295 83229 CVE-2017-0535 https://source.android.com/security/bulletin/2017-03-01.html  View
411296 83229 CVE-2017-0535 96833  View
411297 83229 CVE-2017-0535 https://source.android.com/security/bulletin/2017-03-01.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
65863 JVNDB-2017-002202 OnePlus 3 および 3T 用 OxygenOS における任意のコードを実行される脆弱性 OnePlus 3 および 3T 用 OxygenOS には、任意のコードを実行される、および権限を昇格される脆弱性が存在します。 CVE-2017-5624 CVE-2017-5624 83229 10 9.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-002202.html 2017-02-08 2017-04-03 View