CVE-2017-15345
Description
A crafted 3GPP message causes an unreachable loop exit condition, leading to a denial of service via device reboot on affected Huawei smartphones.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A crafted 3GPP message causes an unreachable loop exit condition, leading to a denial of service via device reboot on affected Huawei smartphones.
Vulnerability
The vulnerability exists in Huawei smartphones running software version LON-L29DC721B186 and earlier. A specially crafted 3GPP message triggers an infinite loop condition where the loop exit condition can never be reached, causing the device to become unresponsive and reboot [1].
Exploitation
An attacker with network access to the target device can send a crafted 3GPP message to exploit this vulnerability. No authentication is required, and the attacker does not need physical access to the device. The exploit involves sending the malicious message over the air interface, which then causes the baseband firmware to enter an infinite loop [1].
Impact
Successful exploitation results in a denial of service condition, causing the device to repeatedly reboot. This renders the device temporarily unusable and disrupts normal operations such as voice calls, data connectivity, and other smartphone functions. The vulnerability affects the availability of the device but does not lead to information disclosure or privilege escalation [1].
Mitigation
Huawei has released software updates to fix this vulnerability. Affected products and their resolved versions are listed in the security advisory [1]. Users are advised to upgrade to the latest firmware version for their device model. No workarounds are available, and this vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog at the time of writing.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: LON-L29DC721B186
- Huawei Technologies Co., Ltd./LON-L29Dv5Range: LON-L29DC721B186
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-smartphone-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.