CVE-2024-0019

Ivan Lon — Wed, 08 May 2024 10:02:10 +0000

Description

In set Listening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting system UI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

References

MISC:https://android.googlesource.com/platform/frameworks/base/+/707fc94ec3df4cf6b985e6d06c2588690d1a025a
URL:https://android.googlesource.com/platform/frameworks/base/+/707fc94ec3df4cf6b985e6d06c2588690d1a025a
MISC:https://source.android.com/security/bulletin/2024-01-01
URL:https://source.android.com/security/bulletin/2024-01-01

CVE-2024-0019 - Common Vulnerabilities and Exposures

CVE-2024-0019