Command injection
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, while processing the fastboot flash command, a memory leak or unexpected behavior may occur due to processing of uninitialized data buffers...
CVE-2018-11259
Due to improper access control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, from fastboot on a NAND-based device, the EFS partition can be erased. The apps processor then has non-secure world full read/write access to the partition until the modem boots and...
CVE-2018-11259
This CVE (CVE-2018-11259) concerns Qualcomm Snapdragon devices (Automobile, Mobile, Wear) with NAND-based EFS storage. Root cause: improper access control allows fastboot access to erase the EFS partition, after which the apps processor has non-secure world read/write access to that partition unt...
CVE-2018-5854
A stack-based buffer overflow can occur in fastboot from all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel...
Stack overflow
A stack-based buffer overflow can occur in fastboot from all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel...
CVE-2018-5854
CVE-2018-5854 is a stack-based buffer overflow affecting the Qualcomm bootloader used in CAF/Linux-based Android deployments (fastboot). The vulnerability is classified as an Elevation of Privilege (EoP) issue with High/Critical impact, occurring in the bootloader component and enabling local pri...
OnePlus 6 Flaw Allows to Boot Any Image Even With Locked Bootloader
Have you recently bought a OnePlus 6? Don't leave your phone unattended. A serious vulnerability has been discovered in the OnePlus 6 bootloader that makes it possible for someone to boot arbitrary or modified images to take full admin control of your phone—even if the bootloader is locked. A...
Google Android Fastboot Qualcomm Component Elevation of Privilege Vulnerability
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the Google Android Fastboot Qualcomm component. An attacker can exploit this vulnerability to achieve elevation of...
CVE-2017-2691
Huawei P9 versions before EVA-AL10C00B373, versions before EVA-CL00C92B373, versions before EVA-DL00C17B373, and versions before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete t...
Design/Logic Flaw
In Android for MSM, Firefox OS for MSM, and QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands, a data leak may occur, resulting from writing an uninitialized stack structure to non-volatile memory...
CVE-2017-9701
Technical details about CVE-2017-9701 are not publicly available in the provided connected documents; the information comes from the initial description only. Monitor for updates.
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass
Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-102...
Buffer overflow
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing the fastboot boot command when the verified boot feature is disabled, with a length greater than the boot image buffer, a buffer overflow can occur...
CVE-2017-8273
CVE-2017-8273: In Qualcomm CAF Android builds, a buffer overflow can occur while processing the fastboot boot command when verified boot is disabled, if the command length exceeds the boot image buffer. This affects the bootloader component and is described with a high-severity, local attack surf...
Motorola G4 & G5 phones found to have a high-risk kernel command line injection vulnerability
In a previous article about the Nexus 6 root vulnerability, we mentioned that the vulnerability CVE-2016-10277 would likely affect Motorola devices. Relevant reports we later saw on Twitter confirmed our earlier conjecture. In order to prove that Motorola devic...