CVE Identifier: CVE-2017-5622
Severity: Critical

Affected Products:
- OnePlus 3T
- OnePlus 3

Vulnerable Version: OxygenOS 4.0.2 and below
Mitigation: Upgrade to OxygenOS 4.0.3 or later.

Technical Details:
- Connecting a charger to a powered-off OnePlus 3/3T device could exploit ADB authorization to open a session and exploit other vulnerabilities.
- The malicious charger can reboot the device into bootloader mode to further exploit vulnerabilities.
- A video demonstrates how the charger can gain a root shell, put SELinux in permissive mode, and execute kernel code.
- Exploiting CVE-2017-5622, CVE-2017-5624, and CVE-2017-5626 can replace the system partition and install a privileged app without the user's knowledge.

Timeline:
- 25-Jan-17: CVE ID requested.
- 29-Jan-17: CVE-2017-5622 assigned.
- 01-Mar-17: Added as ALEPH-2017004.
- 26-Mar-17: Public disclosure.

Credit: Roee Hay (@roeehay) of Aleph Research, HCL Software