CVE-2019-15027 Information

Description

The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.
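The string-building pattern described above next to a shell-free replacement, as an added example (not MediaTek's code): the function names are hypothetical, and `rm_path` and `base_dir` are parameters only so the code can run off-device.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the description reports: the filename is pasted into a string that
 * system() would hand to the shell, which then parses it. Builds the string only. */
int build_shell_cmd(char *out, size_t n, const char *name)
{
    return snprintf(out, n, "/system/bin/rm -r /data/%s", name);
}

/* A directory entry name must be one path component: no "/", ".", "..". */
int is_plain_component(const char *name)
{
    return name[0] != '\0' && strcmp(name, ".") != 0 &&
           strcmp(name, "..") != 0 && strchr(name, '/') == NULL;
}

/* Hardened form: no shell is involved. The path travels as a single argv
 * element after "--", so metacharacters and a leading '-' are plain bytes.
 * Returns rm's exit status, or -1 on rejection or error. */
int remove_entry(const char *rm_path, const char *base_dir, const char *name)
{
    char path[4096];
    int status;
    pid_t pid;
    if (!is_plain_component(name))
        return -1;
    if (snprintf(path, sizeof path, "%s/%s", base_dir, name) >= (int)sizeof path)
        return -1;                      /* refuse truncated paths */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "rm", "-r", "--", path, NULL };
        execv(rm_path, argv);           /* only returns on failure */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```
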

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://dojo.bullguard.com/dojo-by-bullguard/blog/gaining-rooting-primitives-for-android-mediatek-chips/

https://github.com/andr3jx/MTK6577/blob/238012ebf18e3751397884d1742ff7ab6417e80d/mediatek/platform/mt6577/external/meta/emmc/meta_clr_emmc.c#L302-L305

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8
