In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 732.0, "function_hash": "192302932255993372743390949032408145466" }, "id": "ASB-A-157708122-0eca38f4", "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee", "deprecated": false, "signature_version": "v1", "target": { "file": "services/audioflinger/FastCaptureDumpState.cpp", "function": "FastCaptureDumpState::dump" }, "signature_type": "Function" }, { "digest": { "length": 1890.0, "function_hash": "308497860092658106857912636074906868801" }, "id": "ASB-A-157708122-24f67917", "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee", "deprecated": false, "signature_version": "v1", "target": { "file": "services/audioflinger/FastCapture.cpp", "function": "FastCapture::onWork" }, "signature_type": "Function" }, { "digest": { "length": 1821.0, "function_hash": "203739049774684817361962569684422259567" }, "id": "ASB-A-157708122-34a7bb38", "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee", "deprecated": false, "signature_version": "v1", "target": { "file": "services/audioflinger/FastCapture.cpp", "function": "FastCapture::onStateChange" }, "signature_type": "Function" }, { "digest": { "length": 10375.0, "function_hash": "307647730563951411349261672827620712855" }, "id": "ASB-A-157708122-51be9b95", "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee", "deprecated": false, "signature_version": "v1", "target": { "file": "services/audioflinger/Threads.cpp", "function": "AudioFlinger::RecordThread::threadLoop" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "28879973194666674069619382835320607540", "42431378792995729008600465033789555822", "71652336381509576195892552878543306727", "71551613949163786555253353223850974204", "58462320572149329870532146511620417523", "296934329387867217837072854433872139931", "319569798212884890011927857981983319805", "11767648047202000041542234080576618419", "305097527633310242986462940995803812165", "185900448113135469913756585778742568751", "327017289637128397409326840763101853532", "265800037360103877003901491127247872201", "321591995182558919841019982132346356817", "338506526798501588118065852265462216396", "212693682550950268690131924197530422938", "330600373597849491654093855121998228524", "17708745642851779128442595465889124198" ] }, "id": "ASB-A-157708122-743f2bb0", "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee", "deprecated": false, "signature_version": "v1", "target": { "file": "services/audioflinger/Threads.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "253727651779795428183386532228640373824", "160403265369405099828276038875306700619", "179306790537947811462684374803173002181", "274145434775996694417493172714124526732" ] }, "id": "ASB-A-157708122-78cd87de", "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee", "deprecated": false, "signature_version": "v1", "target": { "file": "services/audioflinger/FastCaptureDumpState.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "32283919474012216993249654008933083599", "222099353692878828793791243268739942348", "52631463642015862984110174685063312059" ] }, "id": "ASB-A-157708122-86847d15", "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee", "deprecated": false, "signature_version": "v1", "target": { "file": "services/audioflinger/FastCaptureState.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "56731254269951524408730696766507514560", "104284439836880073007122534386190974277", "311885209257610818065200174043456605463", "174734497041018479228180325415269623146", "5625625578905809330230768954635832977", "322667807217891777869519709328243148460" ] }, "id": "ASB-A-157708122-95e3b1f7", "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee", "deprecated": false, "signature_version": "v1", "target": { "file": "services/audioflinger/FastCaptureDumpState.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "99431807313654351016408561816695074794", "231448156370392500427232266983959729612", "34182358523655785581280670199717640102", "301376523875965396454568666906826660559", "245540161682526562043323222467591328860", "214012968776803252716336126304941609208", "38547856499966883717110788565598825844" ] }, "id": "ASB-A-157708122-f64f8540", "source": "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee", "deprecated": false, "signature_version": "v1", "target": { "file": "services/audioflinger/FastCapture.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/33403f0ef8ec7e6217f4969879fa81101e6b84ee" ], "spl": "2020-10-01", "severity": "High", "types": [ "ID" ] }