exploitDog

CVE-2023-21262

Опубликовано: 13 июл. 2023

Источник: nvd

CVSS3: 3.1

EPSS Низкий

Описание

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.

Ссылки

https://android.googlesource.com/platform/frameworks/av/+/2c8973c39478cd3c8cf11d9f27cc0556a106d006
Patch
https://source.android.com/security/bulletin/2023-07-01
Patch
Vendor Advisory
https://android.googlesource.com/platform/frameworks/av/+/2c8973c39478cd3c8cf11d9f27cc0556a106d006
Patch
https://source.android.com/security/bulletin/2023-07-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.0004

Низкий

3.1 Low

CVSS3

Дефекты

CWE-362

Связанные уязвимости

GHSA-2h34-5q7q-g4h6

CVSS3: 3.1

github

около 2 лет назад

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.

EPSS

Процентиль: 11%

0.0004

Низкий

3.1 Low

CVSS3

Дефекты

CWE-362