CVE-2017-17227
Description
GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Huawei Mate 10 GPU driver has an out-of-bounds memory access vulnerability that can be triggered by a malicious app, leading to crash or arbitrary code execution.
Vulnerability
The GPU driver in Huawei Mate 10 smartphones contains an out-of-bounds memory access vulnerability (CVE-2017-17227) due to insufficient input parameter validation. Affected versions include those before ALP-L09 8.0.0.120(C212), before ALP-L09 8.0.0.127(C900), and before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) [1]. The flaw resides in the driver’s handling of special parameters passed from userspace applications [1].
Exploitation
To exploit this vulnerability, an attacker must trick a user into installing a malicious application on the targeted Huawei Mate 10 device [1]. Once installed, the application can invoke the GPU driver with specially crafted parameters, causing the driver to access memory outside the intended buffer boundaries [1]. No additional authentication or special privileges are required beyond the ability to execute the malicious app on the device [1].
Impact
Successful exploitation can result in a denial-of-service condition (phone crash) or, potentially, arbitrary code execution within the context of the GPU driver [1]. Arbitrary code execution could allow the attacker to gain elevated privileges or compromise the integrity and confidentiality of the device [1]. The scope is limited to the affected GPU driver component, but full device compromise is possible if code execution is achieved [1].
Mitigation
Huawei has released software updates to fix this vulnerability. The resolved versions are ALP-L09 8.0.0.120(C212), ALP-L09 8.0.0.127(C900), and ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652), depending on the original software variant [1]. Users should update their devices to the appropriate fixed version as soon as possible. There is no known workaround for unpatched devices [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Huawei Technologies Co., Ltd./Mate 10v5Range: The versions before ALP-L09 8.0.0.120(C212)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.