Vulnerability Description
An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oneplus | Oxygenos | <= 5.0 |
| Oneplus | Oneplus 2 | - |
| Oneplus | Oneplus 3 | - |
| Oneplus | Oneplus 3T | - |
| Oneplus | Oneplus 5 | - |
| Oneplus | Oneplus One | - |
| Oneplus | Oneplus X | - |
References
- https://alephsecurity.com/vulns/aleph-2017007Third Party Advisory
- https://alephsecurity.com/vulns/aleph-2017007Third Party Advisory
FAQ
What is CVE-2017-5947?
CVE-2017-5947 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by u...
How severe is CVE-2017-5947?
CVE-2017-5947 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5947?
Check the references section above for vendor advisories and patch information. Affected products include: Oneplus Oxygenos, Oneplus Oneplus 2, Oneplus Oneplus 3, Oneplus Oneplus 3T, Oneplus Oneplus 5.