VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 5, 2018· Updated Sep 17, 2024

CVE-2017-17140

CVE-2017-17140

Description

Huawei Enjoy 5s and Y6 Pro smartphones lack parameter validation, allowing a malicious app to leak sensitive kernel memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Huawei Enjoy 5s and Y6 Pro smartphones lack parameter validation, allowing a malicious app to leak sensitive kernel memory.

Vulnerability

CVE-2017-17140 is an information leak vulnerability in Huawei Enjoy 5s and Y6 Pro smartphones. Affected versions are Enjoy 5s before TAG-AL00C92B170 and Y6 Pro before TIT-L01C576B121. The vulnerability exists due to the lack of parameter validation, which allows a malicious application to read sensitive information from kernel memory [1].

Exploitation

An attacker must trick a user into installing a malicious application on the smartphone. No additional privileges or network access are required beyond application installation. Once installed, the application can exploit the missing parameter validation to read kernel memory [1].

Impact

Successful exploitation leads to the disclosure of sensitive information from kernel memory. The exact nature of the leaked data is not specified, but it could include potentially critical system or user information. This is a confidentiality breach with no direct impact on integrity or availability [1].

Mitigation

Huawei has released fixed software versions: TAG-AL00C92B170 for Enjoy 5s and TIT-L01C576B121 for Y6 Pro. Users should update their devices to these versions or later. No workarounds are published. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [1].

References
  1. Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Huawei/Enjoy 5sllm-create
    Range: <= TAG-AL00C92B170
  • Huawei/Y6 Prollm-create
    Range: <= TIT-L01C576B121
  • Huawei Technologies Co., Ltd./Enjoy 5s; Y6 Prov5
    Range: The versions before TAG-AL00C92B170

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.