2 matches found
CVE-2017-5624
CVE-2017-5624 affects OnePlus 3/3T OxygenOS before 4.0.3, where the attacker can bypass dm-verity by issuing fastboot oem disable_dm_verity, causing the kernel to verify no partitions and enabling persistent code execution and privilege escalation. Public writeups describe a chain with CVE-2017-5...
Get a locked OnePlus 3/3T: boot loader vulnerability-vulnerability warning-the black bar safety net
In this article, I disclosed the OnePlus 3/3T boot loader in the two holes. The first CVE-2017-5626 is the impact of OxygenOS 3.2-4.0.1(4.0.2 to patch high-risk vulnerabilities. The vulnerability allows a physical opponent or use ADB/ FASTBOOT access to bypass the bootloader lock state, even if t...