According to the reports, Android Bootloader (ABOOT) on the Moto G4, Moto G5, and other possible Motorola devices were vulnerable to the same attack that they announced for the Nexus 6 (CVE-2016-10277).
As explained by XDA developers, this whole process allows the attacker to inject a parameter (named initrd) which is able to force the Linux kernel to populate initramfs into rootfs from a specified physical address. The attack also allows an attacker to abuse the download function in ABOOT to put a malicious initramfs at a known physical address. Moreover, the attacker is able to gain an unrestricted root shell.
However, Google has patched this issue in May’s security update. OTA updates of May Android patch is already available for a few Moto Z Play and Moto Z Smartphones. We will let you know once the update is out for the Moto G4, Moto G5, and other Motorola devices.
Via: XDA Developers | Source: Aleph Research