CVE-2017-17176
Description
The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156, versions earlier before LON-CL00BC00B156, versions earlier before LON-DL00BC00B156, versions earlier before LON-TL00BC00B156 has a arbitrary memory read/write vulnerability due to the input parameters validation. An attacker with the root privilege of the Android system could exploit this vulnerability to read and write memory data anywhere or execute arbitrary code in the TrustZone.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Huawei Mate 9/Mate 9 Pro hardware security module has an arbitrary memory read/write flaw enabling root attackers to execute code in TrustZone.
Vulnerability
The hardware security module (TrustZone) in Huawei Mate 9 and Mate 9 Pro smartphones contains an arbitrary memory read/write vulnerability due to insufficient validation of input parameters. Affected versions include those earlier than MHA-AL00BC00B156, MHA-CL00BC00B156, MHA-DL00BC00B156, MHA-TL00BC00B156, LON-AL00BC00B156, LON-CL00BC00B156, LON-DL00BC00B156, and LON-TL00BC00B156. [1]
Exploitation
An attacker must first obtain root privileges on the Android system. With root access, the attacker can exploit the vulnerability to read from or write to arbitrary memory locations within the TrustZone, and potentially execute arbitrary code. [1]
Impact
Successful exploitation allows an attacker to compromise the TrustZone secure environment, leading to arbitrary code execution at the highest privilege level. This can result in complete loss of confidentiality, integrity, and availability of TrustZone-protected assets. [1]
Mitigation
Huawei has released software updates to fix this vulnerability. The resolved versions are MHA-AL00BC00B156, MHA-CL00BC00B156, MHA-DL00BC00B156, MHA-TL00BC00B156, LON-AL00BC00B156, LON-CL00BC00B156, LON-DL00BC00B156, and LON-TL00BC00B156. Users should update their devices to these versions or later. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: LON-AL00BC00 < B156, LON-CL00BC00 < B156, LON-DL00BC00 < B156, LON-TL00BC00 < B156
- Huawei Technologies Co., Ltd./Mate 9, Mate 9 Prov5Range: Versions earlier before MHA-AL00BC00B156, Versions earlier before MHA-CL00BC00B156, Versions earlier before MHA-DL00BC00B156, Versions earlier before MHA-TL00BC00B156, Versions earlier before LON-AL00BC00B156, Versions earlier before LON-CL00BC00B156, Versions earlier before LON-DL00BC00B156, Versions earlier before LON-TL00BC00B156
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20170306-01-smartphone-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.