CVE-2017-13247Missing Authorization in INC Android

CWE-862Missing Authorization4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 93.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google INC Android
Timeline
PublishedFeb 12
Latest updateMay 13

Description

In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5google_inc/androidAndroid kernel

🔴Vulnerability Details

2
GHSA
GHSA-53v4-4mhp-26cr: In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock2022-05-13
CVEList
CVE-2017-13247: In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock2018-02-12

📋Vendor Advisories

1
Android
CVE-2017-13247: Bootloader2018-02-01
CVE-2017-13247 — Missing Authorization in INC Android | cvebase