PT-2018-8289 · Google +2 · Android Bootloader +2

Roee Hay +1 · Published 2018-03-29 · Updated 2021-08-12 · CVE-2017-5947

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OnePlus devices running OxygenOS 5.0 and earlier

Description

An issue allows an attacker to reboot the device into the Qualcomm Emergency Download (EDL) mode, potentially enabling the downgrading of partitions such as the Android Bootloader. This can be achieved through ADB or by using the Volume-Up button when connected to USB.

Recommendations

For OxygenOS 5.0 and earlier, consider restricting access to ADB and physical interactions with the device, such as limiting the use of the Volume-Up button when connected to USB, until a patch is available. As a temporary workaround, restrict physical access to the device to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2017-5947

Affected Products

Android Bootloader
OxygenOS
Qualcomm Emergency Download (EDL) Mode