Headline
CVE-2023-21278
In multiple locations, there is a possible way to obscure the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}’ { "commit": "49773f9d871dd8975128fccf71513928a5a97345", "tree": "0b2eafd1cd6da9c436a3632b188b8c94e71114d7", "parents": [ “06e772e05514af4aa427641784c5eec39a892ed3” ], "author": { "name": "Johannes Gallmann", "email": "[email protected]", "time": “Mon May 22 10:21:02 2023 +0200” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Jun 08 20:34:09 2023 +0000” }, "message": "Fix PrivacyChip not visible issue\n\nBug: 281807669\nTest: Manual, i.e. posting the following sequence of events (within few milliseconds) to the scheduler and observe the behaviour with and without the fix: Mic in use -\u003e Mic not in use -\u003e Mic in use\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a45e1d045770eaabfdbf0e1212c9eb84caf1d565)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:20ea049a4a52dbc8d4e5ed957a2b6b9aa02a2f34)\nMerged-In: I9851e6ed4cb956d0459ef56251eb0ef3210764b8\nChange-Id: I9851e6ed4cb956d0459ef56251eb0ef3210764b8\n", "tree_diff": [ { "type": "modify", "old_id": "4e1404d0637b027eb488f3f6702b4afd7311e95a", "old_mode": 33188, "old_path": "packages/SystemUI/src/com/android/systemui/statusbar/events/StatusEvent.kt", "new_id": "31d196b542d718e03798522869549cb356fcc96c", "new_mode": 33188, "new_path": “packages/SystemUI/src/com/android/systemui/statusbar/events/StatusEvent.kt” } ] }
Related news
In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.