High severity8.1NVD Advisory· Published Jan 23, 2017· Updated May 13, 2026

CVE-2017-5554

Description

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive.

Affected products

Oneplus/Oxygenos
cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*
Range: <=3.2.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/95706nvdThird Party AdvisoryVDB Entry
securityresear.ch/2017/01/11/fastboot-oem-selinux-permissive/nvdThird Party Advisory
www.xda-developers.com/oneplus-33t-bootloader-vulnerability-allows-changing-of-selinux-to-permissive-mode-in-fastboot/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000