Vulnerability Description
The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.
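The root cause described above is a filename being pasted into a command line that a shell then parses. The sketch below is an added example, not MediaTek's code and not taken from the referenced advisories: it removes an entry by passing an argv array to posix_spawn, so no shell ever interprets the name, and it rejects names that are not a single path component. The function names, the rm_path parameter and the sample values are assumptions made for the illustration.

```c
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Accept exactly one path component: non-empty, no '/', not "." or "..". */
int is_single_component(const char *name)
{
    if (name == NULL || name[0] == '\0') return 0;
    if (strchr(name, '/') != NULL) return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    return 1;
}

/* Remove base/name recursively without involving a shell.
 * Returns 0 on success, -1 on rejection or failure.
 * rm_path is an assumption: /system/bin/rm on the device, /bin/rm on a host. */
int remove_entry(const char *rm_path, const char *base, const char *name)
{
    char path[4096];
    pid_t pid;
    int status;

    if (!is_single_component(name)) return -1;
    int n = snprintf(path, sizeof path, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= sizeof path) return -1; /* truncated: refuse */

    /* Each argv element reaches rm as one argument; ';', '$', '`' and spaces
     * are plain bytes here. "--" stops a leading '-' being read as an option. */
    char *argv[] = { "rm", "-r", "--", path, NULL };
    if (posix_spawn(&pid, rm_path, NULL, NULL, argv, environ) != 0) return -1;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

The same name handed to system() would be split by the shell at the first metacharacter; here it is only ever a path argument.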
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediatek | Mt8163 Firmware | - |
| Mediatek | Mt8163 | - |
| Mediatek | Mt6625 Firmware | - |
| Mediatek | Mt6625 | - |
| Mediatek | Mt6577 Firmware | - |
| Mediatek | Mt6577 | - |
Related Weaknesses (CWE)
References
- https://dojo.bullguard.com/dojo-by-bullguard/blog/gaining-rooting-primitives-for (Exploit, Third Party Advisory)
- https://github.com/andr3jx/MTK6577/blob/238012ebf18e3751397884d1742ff7ab6417e80d (Third Party Advisory)
FAQ
What is CVE-2019-15027?
CVE-2019-15027 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filena...
How severe is CVE-2019-15027?
CVE-2019-15027 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-15027?
Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Mt8163 Firmware, Mediatek Mt8163, Mediatek Mt6625 Firmware, Mediatek Mt6625, Mediatek Mt6577 Firmware.