CVE-2017-17324
Description
Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate external input parameters, which causes an integer overflow that results in a buffer overflow during subsequent processing. An attacker can trick the user into installing a crafted application; a successful exploit could cause malicious code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Huawei Mate 9 Pro camera driver integer overflow leads to buffer overflow and code execution via crafted app.
Vulnerability
In Huawei Mate 9 Pro smartphones with firmware versions LON-AL00BC00B139D and LON-AL00BC00B229, the camera driver does not properly validate external input parameters. This flaw causes an integer overflow, which subsequently leads to a buffer overflow in post-processing. The affected product is the Mate 9 Pro running the listed software versions [1].
Exploitation
An attacker must trick the user into installing a crafted application. No other authentication or network position is required; the malicious code executes within the context of the camera driver after the user installs and runs the application. The sequence involves the application sending specially crafted parameters to the camera driver, triggering the integer overflow and resulting buffer overflow [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the device. The compromise likely occurs at the kernel or system level, given the driver's elevated privileges, leading to full control of the device and potential data disclosure or persistent access [1].
Mitigation
Huawei released software update version 8.0.0.334(C00) to fix this vulnerability. Users on affected firmware LON-AL00BC00B139D or LON-AL00BC00B229 should update to the resolved version. The advisory was published on 2018-01-24. No workaround was provided; patching is the only mitigation. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog as of this writing [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: LON-AL00BC00B139D and LON-AL00BC00B229
- Huawei Technologies Co., Ltd./Mate 9 Pro (v5), Range: LON-AL00BC00B139D
Patches
No patches discovered yet.
References
[1] www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-01-smartphone-en (mitre, x_refsource_CONFIRM)