PT-2018-6469 · Huawei · Huawei Mobile Phones

Published: 2018-02-15 · Updated: 2018-03-14 · CVE-2017-17285

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Huawei mobile phones with software LON-AL00BC00B229 and earlier versions
Description: The Bluetooth module of certain Huawei mobile phones has a buffer overflow vulnerability caused by insufficient input validation. After successful pairing, an unauthenticated attacker can send crafted Bluetooth AVDTP/AVCTP messages that trigger the overflow. A successful exploit may result in code execution.
Recommendations: For versions LON-AL00BC00B229 and earlier, update the software to a version later than LON-AL00BC00B229 to resolve the issue. As a temporary workaround, consider restricting Bluetooth pairing to trusted devices until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2017-17285

Affected Products

Huawei Mobile Phones