Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-40096

UNKNOWN
Published 2023-12-04T22:40:54.088Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-40096. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Google

Android

Affected Versions:

14 13 12L 12 11

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-8chh-r69x-qcr7

Advisory Details

In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-40096
WEB https://android.googlesource.com/platform/frameworks/av/+/148aeea373febc959c429f2cabd8323508c38ad8
WEB https://android.googlesource.com/platform/frameworks/av/+/5f401fc9f214789d691798620fea60015962370a
WEB https://android.googlesource.com/platform/frameworks/base/+/b0f6558fb36eb76df35c516ec5a65030a34a8734
WEB https://android.googlesource.com/platform/frameworks/native/+/9ddecd3d2b88de5ff7aa890d7ba9967c30d8b183
WEB https://source.android.com/security/bulletin/2023-12-01

Advisory provided by GitHub Security Advisory Database. Published: December 5, 2023, Modified: December 8, 2023

References

https://android.googlesource.com/platform/frameworks/base/+/b0f6558fb36eb76df35c516ec5a65030a34a8734
https://android.googlesource.com/platform/frameworks/native/+/9ddecd3d2b88de5ff7aa890d7ba9967c30d8b183
https://android.googlesource.com/platform/frameworks/av/+/148aeea373febc959c429f2cabd8323508c38ad8
https://android.googlesource.com/platform/frameworks/av/+/5f401fc9f214789d691798620fea60015962370a
https://source.android.com/security/bulletin/2023-12-01
Published: 2023-12-04T22:40:54.088Z
Last Modified: 2024-08-02T18:24:54.731Z
Copied to clipboard!