ASB-A-229793943

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-229793943.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-229793943
Aliases
  • A-229793943
  • CVE-2022-20446
Published
2022-11-01T00:00:00Z
Modified
2024-08-07T19:29:03.709307Z
Summary
AlwaysOnHotwordDetector allows hotword detection without CAPTURE_AUDIO_HOTWORD permission
Details

In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-11-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 345.0,
                "function_hash": "268792081833298830603257468193885673443"
            },
            "id": "ASB-A-229793943-151184d9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/VoiceInteractionService.java",
                "function": "createAlwaysOnHotwordDetector"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "39429120922972198039769161851563903144",
                    "304950215424159639588088796210239162319",
                    "57642196958783616466379264766939045864",
                    "60334943284025406376342977394125157395",
                    "296228706799292982907803889574622517196",
                    "203805057697325936155584747953553774042",
                    "8133263302634861355611963773430441834",
                    "20144300044472442296513035297518135922",
                    "130176514558918806152083455453960710763",
                    "65093502078892191955959796958331491968",
                    "33537364027611131541703298593840510511",
                    "127098640926403445488826403784410097840",
                    "151832990210662342220484884656486526965",
                    "8095637008444099761797145653665595392",
                    "308428658724877478203466980467177494144",
                    "157027092499714355110571361720986751702",
                    "15824715075697299905140779585916893921",
                    "179695989650876631991712152881802208719",
                    "286773877196749645231423464000591592960",
                    "186756668137126204243070899508891192209",
                    "221457834034628629866299955269269317175",
                    "36281802697082366426670928781953652586",
                    "178488359190798483900294763329980687690",
                    "48653496613556041111274170255486618035",
                    "13976730259860965856247133048222613436",
                    "7970470052891484227333512704102074361",
                    "12974091039369178675710623946723542848",
                    "96294922619740244301185886444154145657",
                    "29270376455032366522667763755489441970",
                    "20196236264471553709552736195331307437",
                    "233621658303085992823897883593113697349",
                    "195146928299530768606602707629795191444",
                    "295766841397103983367986761161725152328",
                    "231035214251319719830587864351657260461",
                    "779629645106547034772293086899090508",
                    "301433702036868720322766033796874068731",
                    "49624355514319690820746129819664554137",
                    "283770066080112878199243981070752693240",
                    "43087646627270497658598744043341937219"
                ]
            },
            "id": "ASB-A-229793943-255f8828",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 259.0,
                "function_hash": "192919914355958042483241079762620216395"
            },
            "id": "ASB-A-229793943-25bbb502",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "stopRecognition"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 802.0,
                "function_hash": "106222795401219275711242485874643388852"
            },
            "id": "ASB-A-229793943-3884a7de",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "startRecognition"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 391.0,
                "function_hash": "309122013809544488715615301484441877822"
            },
            "id": "ASB-A-229793943-6707f8ff",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "stopRecognition"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 475.0,
                "function_hash": "209212899586811252712319966473640781068"
            },
            "id": "ASB-A-229793943-6d692344",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "internalGetInitialAvailability"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 217.0,
                "function_hash": "304899824646000021907389210412498240030"
            },
            "id": "ASB-A-229793943-76a2963e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "getDspModuleProperties"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "71850842956664155650407501270331963066",
                    "186057487005214590133014466041155756732",
                    "79244779593358975916961476030459684841",
                    "111091331210675167050311121788391967219"
                ]
            },
            "id": "ASB-A-229793943-88861fc7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/VoiceInteractionService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 443.0,
                "function_hash": "263183374449922987837066702325598751573"
            },
            "id": "ASB-A-229793943-a8a58387",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "startRecognition"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "103665268779873828901717305872462452203",
                    "176038228102208840979227146243238134766",
                    "241516124482182919531028886553761451992",
                    "24969762068506326160961342198286487007",
                    "261944822222860686288861484427612421754",
                    "137786394222868463414079341245717815221",
                    "131869129459473334597385685526189025662",
                    "123591928327660673218321269807564497679",
                    "156661038651416837767410303045498640173",
                    "55840117949601117445307583655024185812",
                    "189154813020768443255903581507529284177",
                    "295336304350017095124074295089434270769",
                    "88730673901478514309017150748047786483",
                    "248797779783433515875543567000265980529",
                    "74944550283950425979889379478751673871"
                ]
            },
            "id": "ASB-A-229793943-af4122ab",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 453.0,
                "function_hash": "226945093887177471514695802275283137004"
            },
            "id": "ASB-A-229793943-c2b9c5ca",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "AlwaysOnHotwordDetector"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 340.0,
                "function_hash": "180644587877536539582372726651525889003"
            },
            "id": "ASB-A-229793943-d3d90e99",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "onSoundModelsChanged"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e4e77f45700bcbc56aa6d6ffc094e0e0ae78190a"
    ],
    "spl": "2022-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-11-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 199.0,
                "function_hash": "121163304685669064801147153599401173943"
            },
            "id": "ASB-A-229793943-183aaa1f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "getDspModuleProperties"
            },
            "signature_type": "Function"
        },
        {
            "match_only_versions": [
                "11"
            ],
            "digest": {
                "length": 144.0,
                "function_hash": "75261566191425585188056694307240062170"
            },
            "id": "ASB-A-229793943-2200a90b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "getSupportedAudioCapabilities"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 332.0,
                "function_hash": "160596218525656894270415911529633157251"
            },
            "id": "ASB-A-229793943-2428a053",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/VoiceInteractionService.java",
                "function": "createAlwaysOnHotwordDetector"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 325.0,
                "function_hash": "251411570944482449770537259056503763098"
            },
            "id": "ASB-A-229793943-3b9733c8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "setParameter"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 391.0,
                "function_hash": "309122013809544488715615301484441877822"
            },
            "id": "ASB-A-229793943-3c273e48",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "stopRecognition"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 292.0,
                "function_hash": "218087066791735831450394535137307342728"
            },
            "id": "ASB-A-229793943-40def9a0",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "queryParameter"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "39429120922972198039769161851563903144",
                    "117890962540872620823203818321233744637",
                    "118415992287012760099097902506508925232",
                    "293087356082566798363745234050478847060",
                    "54150644513883517900145624334680268198",
                    "191754956005059456503966720902922643488",
                    "8133263302634861355611963773430441834",
                    "20144300044472442296513035297518135922",
                    "130176514558918806152083455453960710763",
                    "84043303120838937372012352086566273413",
                    "209040505048499201741824801988944347898",
                    "181269475831526145757641504029105210475",
                    "151832990210662342220484884656486526965",
                    "8095637008444099761797145653665595392",
                    "156960803996515009614616410198885984543",
                    "158248979936375384349290818324673943421",
                    "11511238941924046858154939196159495969",
                    "286773877196749645231423464000591592960",
                    "115100939880717158036513774413586161054",
                    "111940522371380421965869963742101527466",
                    "39913039416366101726715494019934010351",
                    "275236796086632068950982007994230457488",
                    "64667782517250038566513056047410945564",
                    "67848175416080239913387570286991526945",
                    "178488359190798483900294763329980687690",
                    "46357406777809237045124121212485436147",
                    "270146187345033499818523850464349144495",
                    "175217144884994071926622330513154372872",
                    "66817363122483711407669306843766938641",
                    "176959706660054070101783645027166812282",
                    "13976730259860965856247133048222613436",
                    "7970470052891484227333512704102074361",
                    "12974091039369178675710623946723542848",
                    "96294922619740244301185886444154145657",
                    "29270376455032366522667763755489441970",
                    "20196236264471553709552736195331307437",
                    "233621658303085992823897883593113697349",
                    "38928174972728894798780628785891760602",
                    "318020180769958064745181150720248022959",
                    "207054907524307960449038075257602413896",
                    "118493861930775334639814735406253004551",
                    "60594132601172219935231149376243329242",
                    "57477500921344994023246205012115392343",
                    "276363256189857807118275468513992784451",
                    "282312607648101469343700398972707739001",
                    "300970083969183107519365745290024735943",
                    "45916812174170777426318047399252274449",
                    "304157192807688088413053615528789121884",
                    "229557134002949299128076675913748315910",
                    "333880835429090839180744885059092721654",
                    "266455696464354231959567005244521123324",
                    "301433702036868720322766033796874068731",
                    "49624355514319690820746129819664554137",
                    "283770066080112878199243981070752693240",
                    "43087646627270497658598744043341937219"
                ]
            },
            "id": "ASB-A-229793943-662a9ac7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 327.0,
                "function_hash": "129205427447181081647778101757515409278"
            },
            "id": "ASB-A-229793943-67ecf429",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "AlwaysOnHotwordDetector"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 443.0,
                "function_hash": "263183374449922987837066702325598751573"
            },
            "id": "ASB-A-229793943-73a80c14",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "startRecognition"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 288.0,
                "function_hash": "67504798280387632059188109663395131331"
            },
            "id": "ASB-A-229793943-7672e482",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "getParameter"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "71850842956664155650407501270331963066",
                    "23811837602777859803716522196686206152",
                    "218180269284275994672357611955584636558",
                    "259338822093399307637241271699964510020"
                ]
            },
            "id": "ASB-A-229793943-77c945f5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/VoiceInteractionService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "55824939962680051179440163111295607849",
                    "276480800319649749443048588413509462470",
                    "74875233791813765017285193355724001969",
                    "286306047286077873288157880837551624768",
                    "223608018001954816028804605581661874543",
                    "53096620931555397110537196885405924502",
                    "34292642266004627072256145991639388958",
                    "224825319390532417462144722040111557303",
                    "275505201579371436989431831930085413345",
                    "218786043703238320221024953805976699080",
                    "243808722196243408854790390209296126983",
                    "315851049973466965960087411137577680596",
                    "166734037699511194776569826221094504040",
                    "3286713179502397198204931492514272067",
                    "307557744827734319397101083426308618540",
                    "163285364139514902005427702345691499014",
                    "291498217275191668737841181807132868230",
                    "138216753513874267857829048376397024126",
                    "70458956568163504524288979819039482756",
                    "70441278338043826199252656309406397615",
                    "251301715081416765391259814986586881929",
                    "198129955424184079481420337743264718533",
                    "322706825037750360624691711069340219668",
                    "200472649355358673497686473917751085933",
                    "120879771770049083017505929568406199284",
                    "17522803828384757346319709367550813825",
                    "291732220753007243050125945115427518046"
                ]
            },
            "id": "ASB-A-229793943-7c808f5e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 275.0,
                "function_hash": "218806517626778073723430364948979538760"
            },
            "id": "ASB-A-229793943-99884e62",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "setParameter"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 253.0,
                "function_hash": "6388109976811691982819738453053202572"
            },
            "id": "ASB-A-229793943-a16b6b81",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "getParameter"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 239.0,
                "function_hash": "325209012025704191590391678518182872170"
            },
            "id": "ASB-A-229793943-ac2aba41",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "stopRecognition"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 322.0,
                "function_hash": "8830155571170381923029893228280576471"
            },
            "id": "ASB-A-229793943-c1076387",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "internalGetInitialAvailability"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 792.0,
                "function_hash": "50816120120273683774063267458630200916"
            },
            "id": "ASB-A-229793943-db19e019",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "startRecognition"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 253.0,
                "function_hash": "6388109976811691982819738453053202572"
            },
            "id": "ASB-A-229793943-e455eba4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerService.java",
                "function": "queryParameter"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 345.0,
                "function_hash": "56800311192390566272125734333754509010"
            },
            "id": "ASB-A-229793943-fb854068",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/service/voice/AlwaysOnHotwordDetector.java",
                "function": "onSoundModelsChanged"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/525690ce16c1c7a48b7880897a4349e2dda0ca09"
    ],
    "spl": "2022-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}