ASB-A-157708122

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-157708122.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-157708122
Aliases
  • A-157708122
  • CVE-2020-0414
Published
2020-10-01T00:00:00Z
Modified
2024-08-07T19:30:11.493523Z
Summary
[AOSP] getting microphone from chrome with a getusermedia and echo cancellation active can lead to privacy concern
Details

In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2020-10-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 732.0,
                "function_hash": "192302932255993372743390949032408145466"
            },
            "id": "ASB-A-157708122-0eca38f4",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/audioflinger/FastCaptureDumpState.cpp",
                "function": "FastCaptureDumpState::dump"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1890.0,
                "function_hash": "308497860092658106857912636074906868801"
            },
            "id": "ASB-A-157708122-24f67917",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/audioflinger/FastCapture.cpp",
                "function": "FastCapture::onWork"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1821.0,
                "function_hash": "203739049774684817361962569684422259567"
            },
            "id": "ASB-A-157708122-34a7bb38",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/audioflinger/FastCapture.cpp",
                "function": "FastCapture::onStateChange"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 10375.0,
                "function_hash": "307647730563951411349261672827620712855"
            },
            "id": "ASB-A-157708122-51be9b95",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/audioflinger/Threads.cpp",
                "function": "AudioFlinger::RecordThread::threadLoop"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "28879973194666674069619382835320607540",
                    "42431378792995729008600465033789555822",
                    "71652336381509576195892552878543306727",
                    "71551613949163786555253353223850974204",
                    "58462320572149329870532146511620417523",
                    "296934329387867217837072854433872139931",
                    "319569798212884890011927857981983319805",
                    "11767648047202000041542234080576618419",
                    "305097527633310242986462940995803812165",
                    "185900448113135469913756585778742568751",
                    "327017289637128397409326840763101853532",
                    "265800037360103877003901491127247872201",
                    "321591995182558919841019982132346356817",
                    "338506526798501588118065852265462216396",
                    "212693682550950268690131924197530422938",
                    "330600373597849491654093855121998228524",
                    "17708745642851779128442595465889124198"
                ]
            },
            "id": "ASB-A-157708122-743f2bb0",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/audioflinger/Threads.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "253727651779795428183386532228640373824",
                    "160403265369405099828276038875306700619",
                    "179306790537947811462684374803173002181",
                    "274145434775996694417493172714124526732"
                ]
            },
            "id": "ASB-A-157708122-78cd87de",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/audioflinger/FastCaptureDumpState.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "32283919474012216993249654008933083599",
                    "222099353692878828793791243268739942348",
                    "52631463642015862984110174685063312059"
                ]
            },
            "id": "ASB-A-157708122-86847d15",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/audioflinger/FastCaptureState.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "56731254269951524408730696766507514560",
                    "104284439836880073007122534386190974277",
                    "311885209257610818065200174043456605463",
                    "174734497041018479228180325415269623146",
                    "5625625578905809330230768954635832977",
                    "322667807217891777869519709328243148460"
                ]
            },
            "id": "ASB-A-157708122-95e3b1f7",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/audioflinger/FastCaptureDumpState.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "99431807313654351016408561816695074794",
                    "231448156370392500427232266983959729612",
                    "34182358523655785581280670199717640102",
                    "301376523875965396454568666906826660559",
                    "245540161682526562043323222467591328860",
                    "214012968776803252716336126304941609208",
                    "38547856499966883717110788565598825844"
                ]
            },
            "id": "ASB-A-157708122-f64f8540",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/audioflinger/FastCapture.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee"
    ],
    "spl": "2020-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}