CVE-2017-17176

Name of the Vulnerable Software and Affected Versions: Huawei Mate 9 versions earlier than MHA-AL00BC00B156 Huawei Mate 9 Pro versions earlier than MHA-CL00BC00B156 Huawei Mate 9 versions earlier than MHA-DL00BC00B156 Huawei Mate 9 versions earlier than MHA-TL00BC00B156 Huawei Mate 9 versions earlier than LON-AL00BC00B156 Huawei Mate 9 Pro versions earlier than LON-CL00BC00B156 Huawei Mate 9 versions earlier than LON-DL00BC00B156 Huawei Mate 9 versions earlier than LON-TL00BC00B156

Description: The hardware security module of the affected devices has an arbitrary memory read/write issue due to inadequate input parameters validation. An attacker with root privilege of the Android system could exploit this to read and write memory data or execute arbitrary code in the TrustZone.

Recommendations: For versions earlier than MHA-AL00BC00B156, update to version MHA-AL00BC00B156 or later. For versions earlier than MHA-CL00BC00B156, update to version MHA-CL00BC00B156 or later. For versions earlier than MHA-DL00BC00B156, update to version MHA-DL00BC00B156 or later. For versions earlier than MHA-TL00BC00B156, update to version MHA-TL00BC00B156 or later. For versions earlier than LON-AL00BC00B156, update to version LON-AL00BC00B156 or later. For versions earlier than LON-CL00BC00B156, update to version LON-CL00BC00B156 or later. For versions earlier than LON-DL00BC00B156, update to version LON-DL00BC00B156 or later. For versions earlier than LON-TL00BC00B156, update to version LON-TL00BC00B156 or later.