Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-20942
PUBLISHED
More InfoOfficial Page
Assigner-google_android
Assigner Org ID-baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
View Known Exploited Vulnerability (KEV) details
Published At-12 Jul, 2023 | 23:18
Updated At-06 Nov, 2024 | 16:50
Rejected At-
▼CVE Numbering Authority (CNA)

In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products
Vendor
Google LLCGoogle
Product
Android
Default Status
unaffected
Versions
Affected
  • 13
  • 12L
  • 12
Problem Types
TypeCWE IDDescription
N/AN/AElevation of privilege
Type: N/A
CWE ID: N/A
Description: Elevation of privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://android.googlesource.com/platform/frameworks/av/+/bae3b00a5873d1562679a1289fd8490178cfe064
N/A
https://android.googlesource.com/platform/frameworks/av/+/b072419650958c41c87d2baa572dc2fe6da9ea6b
N/A
https://android.googlesource.com/platform/frameworks/av/+/770b45c3c1619cf4008b89e7a0f4392bf2224bbc
N/A
https://source.android.com/security/bulletin/2023-07-01
N/A
Hyperlink: https://android.googlesource.com/platform/frameworks/av/+/bae3b00a5873d1562679a1289fd8490178cfe064
Resource: N/A
Hyperlink: https://android.googlesource.com/platform/frameworks/av/+/b072419650958c41c87d2baa572dc2fe6da9ea6b
Resource: N/A
Hyperlink: https://android.googlesource.com/platform/frameworks/av/+/770b45c3c1619cf4008b89e7a0f4392bf2224bbc
Resource: N/A
Hyperlink: https://source.android.com/security/bulletin/2023-07-01
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://android.googlesource.com/platform/frameworks/av/+/bae3b00a5873d1562679a1289fd8490178cfe064
x_transferred
https://android.googlesource.com/platform/frameworks/av/+/b072419650958c41c87d2baa572dc2fe6da9ea6b
x_transferred
https://android.googlesource.com/platform/frameworks/av/+/770b45c3c1619cf4008b89e7a0f4392bf2224bbc
x_transferred
https://source.android.com/security/bulletin/2023-07-01
x_transferred
Hyperlink: https://android.googlesource.com/platform/frameworks/av/+/bae3b00a5873d1562679a1289fd8490178cfe064
Resource:
x_transferred
Hyperlink: https://android.googlesource.com/platform/frameworks/av/+/b072419650958c41c87d2baa572dc2fe6da9ea6b
Resource:
x_transferred
Hyperlink: https://android.googlesource.com/platform/frameworks/av/+/770b45c3c1619cf4008b89e7a0f4392bf2224bbc
Resource:
x_transferred
Hyperlink: https://source.android.com/security/bulletin/2023-07-01
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-326CWE-326 Inadequate Encryption Strength
Type: CWE
CWE ID: CWE-326
Description: CWE-326 Inadequate Encryption Strength
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found