PT-2018-4546 · Google · Android

Published

2018-04-18

Updated

2018-05-09

CVE-2015-9213

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05

Description The issue concerns the DIAG-EFS command EFS2 DIAG DELTREE, handled by the function fs diag deltree handler(), which is used to delete files and directories. This command is intended to only delete files and directories inside the /public folder.

Recommendations For Android versions prior to 2018-04-05, consider restricting access to the EFS2 DIAG DELTREE command to minimize the risk of exploitation. As a temporary workaround, consider disabling the fs diag deltree handler() function until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

CVE-2015-9213

Affected Products

Android

PT-2018-4546 · Google · Android

CVE-2015-9213

Weakness Enumeration

Related Identifiers

Affected Products

References · 3