Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-20942

In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE
#android#google#auth#sap

)]}’ { "commit": "bae3b00a5873d1562679a1289fd8490178cfe064", "tree": "8a87ef2bda8f258a7d5c2ef13925498f6667b887", "parents": [ “c267873fb58b0c8798147254a8bb130bd20a846b” ], "author": { "name": "Eric Laurent", "email": "[email protected]", "time": “Thu Nov 10 16:04:44 2022 +0100” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Dec 08 04:02:38 2022 +0000” }, "message": "audio: fix missing package name in attribution source\n\nThe attribution source passed by OpenSL ES does not have a package name\nwhich is needed to register for app ops changes.\nThis CL moves the attribution source verification before we call\nAudioPolicyManager getInputForAttr so that the package name is correct\nwhen registering for app ops.\nThis CL also:\n- limits the attribution check to filling missing package name\n- adds system server in trusted source for client UIDs.\n- removes redundant UID check in AudioPolicyService getOutputForAttr and\ngetInputForAttr as those are only called from AudioFlinger after verification\n- Add missing attribution source verification in openMmapStream()\n\nBug: 243376549\nBug: 258021433\nTest: verify app ops work with WhatsApp\nTest: audio capture regression\nChange-Id: I40040b8ace382f145dcfc8d04d81dcf6a259dfeb\nMerged-In: I40040b8ace382f145dcfc8d04d81dcf6a259dfeb\n(cherry picked from commit 9ff3e533ef45173bb4014ff20b801fcbda88b1db)\n(cherry picked from commit 74058e6f701d8c4200858781d2d3a150ea4fa3bb)\nMerged-In: I40040b8ace382f145dcfc8d04d81dcf6a259dfeb\n", "tree_diff": [ { "type": "modify", "old_id": "f7576f670b767a770a3b6fbb8fe3d851b8d17b3e", "old_mode": 33188, "old_path": "services/audioflinger/AudioFlinger.cpp", "new_id": "23a3a36c781edb427ef4daf0f224418f72777497", "new_mode": 33188, "new_path": “services/audioflinger/AudioFlinger.cpp” }, { "type": "modify", "old_id": "07e82a8f9677c334f4cf813ea7ec612fba01758e", "old_mode": 33188, "old_path": "services/audioflinger/Threads.cpp", "new_id": "683e32007368dc23ae17916205d4705c63415a7e", "new_mode": 33188, "new_path": “services/audioflinger/Threads.cpp” }, { "type": "modify", "old_id": "613502094d2b79e11bf861b4fa375d15a67efcf4", "old_mode": 33188, "old_path": "services/audioflinger/Tracks.cpp", "new_id": "83a8bb0d5fe1e1794843a406ae784853beca81b9", "new_mode": 33188, "new_path": “services/audioflinger/Tracks.cpp” }, { "type": "modify", "old_id": "df49bba79a2466a5972e7ea7b9543b28ba145baf", "old_mode": 33188, "old_path": "services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp", "new_id": "49224c5bb0c9897ba558fda22b9db2e1cb0595a1", "new_mode": 33188, "new_path": “services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp” } ] }

Related news

CVE-2023-44109: October

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-21256: Android Security Bulletin—July 2023

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2022-20455: Android Security Bulletin—February 2023

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242537431

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907