CVE-2016-10277

Published: 12/05/2017 Updated: 06/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 936
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.

Vulnerable Product

linux linux kernel 3.18

linux linux kernel 3.10

Exploits

Sources: alephsecurity.com/2017/08/30/untethered-initroot/, github.com/alephsecurity/initroot. initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass (CVE-2016-10277). By Roee Hay / Aleph Research, HCL Technologies. Recap of the Vulnerability and the Tethered-jailbreak 1 Vulnerable versions o ...

Github Repositories

Motorola Untethered Jailbreak: Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass

initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass (CVE-2016-10277). By Roee Hay / Aleph Research, HCL Technologies. First stage exploit: Tethered jailbreak. This exploit gains ephemeral unrestricted root access on the device. For example, on cedric (some messages were removed for readability): $ cd /tethered/cedric $ /initroot-

Exploiting CVE-2016-10277 for Secure Boot and Device Locking bypass

Exploiting CVE-2016-10277. More information at: alephsecurity.com/2017/06/07/initroot-moto/. If you just want to check if your device is vulnerable, it might be quicker if you just flash stock ramdisk (without any modifications). If it's your case, just look for initroot-*-STOCK*cpiogz. Motorola XT-1033: Scratch Address: 0x11000000, Padding: 64MB, Stockrom padded ram

edlrooter. By Roee Hay (@roeehay), Aleph Research. adb shell -> root exploit for Google Nexus 6 using a leaked Qualcomm Emergency Download (EDL) Mode programmer. Exploits CVE-2017-13174 for downgrading ABOOT to a CVE-2016-10277 (initroot susceptible version). Please note: Google could not reproduce our PoC (getting into EDL). Our test device has a relocked bootloader. Mor