In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 345.0, "function_hash": "268792081833298830603257468193885673443" }, "id": "ASB-A-229793943-151184d9", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/VoiceInteractionService.java", "function": "createAlwaysOnHotwordDetector" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "39429120922972198039769161851563903144", "304950215424159639588088796210239162319", "57642196958783616466379264766939045864", "60334943284025406376342977394125157395", "296228706799292982907803889574622517196", "203805057697325936155584747953553774042", "8133263302634861355611963773430441834", "20144300044472442296513035297518135922", "130176514558918806152083455453960710763", "65093502078892191955959796958331491968", "33537364027611131541703298593840510511", "127098640926403445488826403784410097840", "151832990210662342220484884656486526965", "8095637008444099761797145653665595392", "308428658724877478203466980467177494144", "157027092499714355110571361720986751702", "15824715075697299905140779585916893921", "179695989650876631991712152881802208719", "286773877196749645231423464000591592960", "186756668137126204243070899508891192209", "221457834034628629866299955269269317175", "36281802697082366426670928781953652586", "178488359190798483900294763329980687690", "48653496613556041111274170255486618035", "13976730259860965856247133048222613436", "7970470052891484227333512704102074361", "12974091039369178675710623946723542848", "96294922619740244301185886444154145657", "29270376455032366522667763755489441970", "20196236264471553709552736195331307437", "233621658303085992823897883593113697349", "195146928299530768606602707629795191444", "295766841397103983367986761161725152328", "231035214251319719830587864351657260461", "779629645106547034772293086899090508", "301433702036868720322766033796874068731", "49624355514319690820746129819664554137", "283770066080112878199243981070752693240", "43087646627270497658598744043341937219" ] }, "id": "ASB-A-229793943-255f8828", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java" }, "signature_type": "Line" }, { "digest": { "length": 259.0, "function_hash": "192919914355958042483241079762620216395" }, "id": "ASB-A-229793943-25bbb502", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java", "function": "stopRecognition" }, "signature_type": "Function" }, { "digest": { "length": 802.0, "function_hash": "106222795401219275711242485874643388852" }, "id": "ASB-A-229793943-3884a7de", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java", "function": "startRecognition" }, "signature_type": "Function" }, { "digest": { "length": 391.0, "function_hash": "309122013809544488715615301484441877822" }, "id": "ASB-A-229793943-6707f8ff", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "stopRecognition" }, "signature_type": "Function" }, { "digest": { "length": 475.0, "function_hash": "209212899586811252712319966473640781068" }, "id": "ASB-A-229793943-6d692344", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "internalGetInitialAvailability" }, "signature_type": "Function" }, { "digest": { "length": 217.0, "function_hash": "304899824646000021907389210412498240030" }, "id": "ASB-A-229793943-76a2963e", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java", "function": "getDspModuleProperties" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "71850842956664155650407501270331963066", "186057487005214590133014466041155756732", "79244779593358975916961476030459684841", "111091331210675167050311121788391967219" ] }, "id": "ASB-A-229793943-88861fc7", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/VoiceInteractionService.java" }, "signature_type": "Line" }, { "digest": { "length": 443.0, "function_hash": "263183374449922987837066702325598751573" }, "id": "ASB-A-229793943-a8a58387", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "startRecognition" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "103665268779873828901717305872462452203", "176038228102208840979227146243238134766", "241516124482182919531028886553761451992", "24969762068506326160961342198286487007", "261944822222860686288861484427612421754", "137786394222868463414079341245717815221", "131869129459473334597385685526189025662", "123591928327660673218321269807564497679", "156661038651416837767410303045498640173", "55840117949601117445307583655024185812", "189154813020768443255903581507529284177", "295336304350017095124074295089434270769", "88730673901478514309017150748047786483", "248797779783433515875543567000265980529", "74944550283950425979889379478751673871" ] }, "id": "ASB-A-229793943-af4122ab", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 453.0, "function_hash": "226945093887177471514695802275283137004" }, "id": "ASB-A-229793943-c2b9c5ca", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "AlwaysOnHotwordDetector" }, "signature_type": "Function" }, { "digest": { "length": 340.0, "function_hash": "180644587877536539582372726651525889003" }, "id": "ASB-A-229793943-d3d90e99", "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "onSoundModelsChanged" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a" ], "spl": "2022-11-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 199.0, "function_hash": "121163304685669064801147153599401173943" }, "id": "ASB-A-229793943-183aaa1f", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java", "function": "getDspModuleProperties" }, "signature_type": "Function" }, { "match_only_versions": [ "11" ], "digest": { "length": 144.0, "function_hash": "75261566191425585188056694307240062170" }, "id": "ASB-A-229793943-2200a90b", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "getSupportedAudioCapabilities" }, "signature_type": "Function" }, { "digest": { "length": 332.0, "function_hash": "160596218525656894270415911529633157251" }, "id": "ASB-A-229793943-2428a053", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/VoiceInteractionService.java", "function": "createAlwaysOnHotwordDetector" }, "signature_type": "Function" }, { "digest": { "length": 325.0, "function_hash": "251411570944482449770537259056503763098" }, "id": "ASB-A-229793943-3b9733c8", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "setParameter" }, "signature_type": "Function" }, { "digest": { "length": 391.0, "function_hash": "309122013809544488715615301484441877822" }, "id": "ASB-A-229793943-3c273e48", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "stopRecognition" }, "signature_type": "Function" }, { "digest": { "length": 292.0, "function_hash": "218087066791735831450394535137307342728" }, "id": "ASB-A-229793943-40def9a0", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "queryParameter" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "39429120922972198039769161851563903144", "117890962540872620823203818321233744637", "118415992287012760099097902506508925232", "293087356082566798363745234050478847060", "54150644513883517900145624334680268198", "191754956005059456503966720902922643488", "8133263302634861355611963773430441834", "20144300044472442296513035297518135922", "130176514558918806152083455453960710763", "84043303120838937372012352086566273413", "209040505048499201741824801988944347898", "181269475831526145757641504029105210475", "151832990210662342220484884656486526965", "8095637008444099761797145653665595392", "156960803996515009614616410198885984543", "158248979936375384349290818324673943421", "11511238941924046858154939196159495969", "286773877196749645231423464000591592960", "115100939880717158036513774413586161054", "111940522371380421965869963742101527466", "39913039416366101726715494019934010351", "275236796086632068950982007994230457488", "64667782517250038566513056047410945564", "67848175416080239913387570286991526945", "178488359190798483900294763329980687690", "46357406777809237045124121212485436147", "270146187345033499818523850464349144495", "175217144884994071926622330513154372872", "66817363122483711407669306843766938641", "176959706660054070101783645027166812282", "13976730259860965856247133048222613436", "7970470052891484227333512704102074361", "12974091039369178675710623946723542848", "96294922619740244301185886444154145657", "29270376455032366522667763755489441970", "20196236264471553709552736195331307437", "233621658303085992823897883593113697349", "38928174972728894798780628785891760602", "318020180769958064745181150720248022959", "207054907524307960449038075257602413896", "118493861930775334639814735406253004551", "60594132601172219935231149376243329242", "57477500921344994023246205012115392343", "276363256189857807118275468513992784451", "282312607648101469343700398972707739001", "300970083969183107519365745290024735943", "45916812174170777426318047399252274449", "304157192807688088413053615528789121884", "229557134002949299128076675913748315910", "333880835429090839180744885059092721654", "266455696464354231959567005244521123324", "301433702036868720322766033796874068731", "49624355514319690820746129819664554137", "283770066080112878199243981070752693240", "43087646627270497658598744043341937219" ] }, "id": "ASB-A-229793943-662a9ac7", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java" }, "signature_type": "Line" }, { "digest": { "length": 327.0, "function_hash": "129205427447181081647778101757515409278" }, "id": "ASB-A-229793943-67ecf429", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "AlwaysOnHotwordDetector" }, "signature_type": "Function" }, { "digest": { "length": 443.0, "function_hash": "263183374449922987837066702325598751573" }, "id": "ASB-A-229793943-73a80c14", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "startRecognition" }, "signature_type": "Function" }, { "digest": { "length": 288.0, "function_hash": "67504798280387632059188109663395131331" }, "id": "ASB-A-229793943-7672e482", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "getParameter" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "71850842956664155650407501270331963066", "23811837602777859803716522196686206152", "218180269284275994672357611955584636558", "259338822093399307637241271699964510020" ] }, "id": "ASB-A-229793943-77c945f5", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/VoiceInteractionService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "55824939962680051179440163111295607849", "276480800319649749443048588413509462470", "74875233791813765017285193355724001969", "286306047286077873288157880837551624768", "223608018001954816028804605581661874543", "53096620931555397110537196885405924502", "34292642266004627072256145991639388958", "224825319390532417462144722040111557303", "275505201579371436989431831930085413345", "218786043703238320221024953805976699080", "243808722196243408854790390209296126983", "315851049973466965960087411137577680596", "166734037699511194776569826221094504040", "3286713179502397198204931492514272067", "307557744827734319397101083426308618540", "163285364139514902005427702345691499014", "291498217275191668737841181807132868230", "138216753513874267857829048376397024126", "70458956568163504524288979819039482756", "70441278338043826199252656309406397615", "251301715081416765391259814986586881929", "198129955424184079481420337743264718533", "322706825037750360624691711069340219668", "200472649355358673497686473917751085933", "120879771770049083017505929568406199284", "17522803828384757346319709367550813825", "291732220753007243050125945115427518046" ] }, "id": "ASB-A-229793943-7c808f5e", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 275.0, "function_hash": "218806517626778073723430364948979538760" }, "id": "ASB-A-229793943-99884e62", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java", "function": "setParameter" }, "signature_type": "Function" }, { "digest": { "length": 253.0, "function_hash": "6388109976811691982819738453053202572" }, "id": "ASB-A-229793943-a16b6b81", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java", "function": "getParameter" }, "signature_type": "Function" }, { "digest": { "length": 239.0, "function_hash": "325209012025704191590391678518182872170" }, "id": "ASB-A-229793943-ac2aba41", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java", "function": "stopRecognition" }, "signature_type": "Function" }, { "digest": { "length": 322.0, "function_hash": "8830155571170381923029893228280576471" }, "id": "ASB-A-229793943-c1076387", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "internalGetInitialAvailability" }, "signature_type": "Function" }, { "digest": { "length": 792.0, "function_hash": "50816120120273683774063267458630200916" }, "id": "ASB-A-229793943-db19e019", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java", "function": "startRecognition" }, "signature_type": "Function" }, { "digest": { "length": 253.0, "function_hash": "6388109976811691982819738453053202572" }, "id": "ASB-A-229793943-e455eba4", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java", "function": "queryParameter" }, "signature_type": "Function" }, { "digest": { "length": 345.0, "function_hash": "56800311192390566272125734333754509010" }, "id": "ASB-A-229793943-fb854068", "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09", "deprecated": true, "signature_version": "v1", "target": { "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java", "function": "onSoundModelsChanged" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09" ], "spl": "2022-11-01", "severity": "High", "types": [ "EoP" ] }