On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as ‘rooting’ or “jail breaking” a device).
[
{
"product": "Lenovo Vibe and Lenovo China-only Moto Mobile Phones",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Earlier than 6.0"
}
]
}
]