Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-21262

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.

CVE
#android#google#auth

)]}’ { "commit": "2c8973c39478cd3c8cf11d9f27cc0556a106d006", "tree": "63d403875e757bdc50dc63382303d1111ff61a80", "parents": [ “80e4a9f6dcde1ef5b775816865299718c3373934” ], "author": { "name": "Atneya Nair", "email": "[email protected]", "time": “Wed May 10 17:26:30 2023 -0700” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Tue May 23 17:23:31 2023 +0000” }, "message": "Force unsilence record clients on startInput\n\nWe call startRecording unconditionally in startInput, so we must\nupdate the client state to be unsilenced (since we are treating as\nsuch). We subsequently re-update the silence state (with the client\nmarked as active to dispatch ops) in updateUidStates_l.\n\nThis fixes an issue where we call startRecording for a silenced client,\nthen call it again when it moves to unsilenced when the client is active.\nSince startRecording is ref-counted, this leaves the client in the\nrecording state leading to incorrect appop attributions.\n\nBug: 279905816\nBug: 281485019\nTest: Manual verification of repro cases + verbose log analysis\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e7720b379bfaba648ab6d85c4c2df6f03ec854d3)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2951ad10a6641f9b3554d674877ad314e8cc011f)\nMerged-In: I31d50457ca8adae577407a28d4d4c0e8582bac5d\nChange-Id: I31d50457ca8adae577407a28d4d4c0e8582bac5d\n", "tree_diff": [ { "type": "modify", "old_id": "49224c5bb0c9897ba558fda22b9db2e1cb0595a1", "old_mode": 33188, "old_path": "services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp", "new_id": "5dd9b8cb2f1e1cecee337c2315ddbe469a983031", "new_mode": 33188, "new_path": “services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp” } ] }

Related news

CVE-2023-21256: Android Security Bulletin—July 2023

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907