CVE-2019-15027

Name of the Vulnerable Software and Affected Versions MediaTek Embedded Multimedia Card (eMMC) subsystem versions (affected versions not specified)

Description The issue allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data. This is because the clear emmc nomedia entry function in platform/mt6577/external/meta/emmc/meta clr emmc.c invokes a system command with the filename upon an eMMC clearance from a Meta Mode boot. The command executed is /system/bin/rm -r /data/ followed by the filename.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.