{"id":"ASB-A-235850634", "published":"2022-10-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20413", "A-235850634"], "details":"In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-10-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"81181394698423272454874642256699488090", "length":2785}, "id":"ASB-A-235850634-2b583ce7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapThread::start"}}, {"deprecated":false, "digest":{"line_hashes":["201988523389593385061007374122406249898", "271471977421997628405962829937757768094", "185676650678369235215480043063267900644", "198933167022081666281538109705389226537", "76083410214893130432690246935998647333", "157707774218318497405772292249999366591", "330606488169128530148873227927409930061", "21922544428062808396490850597937065882", "126783701507331834985037104720605811960", "182330296286554160107550692368105885182", "10890587252539407938447069612080456170", "167587873789583617279380746060849404855", "156880479271703966195861458915152762045", "216268526825132457805594427701425644691", "251341222208445686204282603005286287539", "307806665057571096281850491342015702526", "164228875517811981932807249790601871289", "308848917979864834755193765057325423811", "234011055780484902780767594436605529455", "165869260923137633933753749554490102301"], "threshold":0.9}, "id":"ASB-A-235850634-7a335352", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520", "target":{"file":"services/audioflinger/Threads.cpp"}}, {"deprecated":false, "digest":{"function_hash":"68796141465345685940563667153922411095", "length":866}, "id":"ASB-A-235850634-9ef710be", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapThread::stop"}}, {"deprecated":false, "digest":{"function_hash":"181196753431051838006019915285123295268", "length":305}, "id":"ASB-A-235850634-e14352a6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapCaptureThread::setRecordSilenced"}}, {"deprecated":false, "digest":{"line_hashes":["75921022813139541503686174051271348367", "29248364145583206918322435520830821556", "88498981957272264380731117662209253740", "87325438604622953908049999513708932423", "155838997843059346861057275852138653956", "168778868802633039982327665461234916745", "29681316594126690081018132777348418954"], "threshold":0.9}, "id":"ASB-A-235850634-e433009e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520", "target":{"file":"services/audioflinger/Threads.h"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"299276747474085596058797203112702422615", "length":2888}, "id":"ASB-A-235850634-55349446", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapThread::start"}}, {"deprecated":false, "digest":{"line_hashes":["324901151813731196240508223413722623934", "285531171118598633213671603613472087528", "336038215384601795986123558978427341951", "87325438604622953908049999513708932423", "155838997843059346861057275852138653956", "168778868802633039982327665461234916745", "29681316594126690081018132777348418954"], "threshold":0.9}, "id":"ASB-A-235850634-61237a49", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972", "target":{"file":"services/audioflinger/Threads.h"}}, {"deprecated":false, "digest":{"function_hash":"181196753431051838006019915285123295268", "length":305}, "id":"ASB-A-235850634-6b5003f2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapCaptureThread::setRecordSilenced"}}, {"deprecated":false, "digest":{"function_hash":"68796141465345685940563667153922411095", "length":866}, "id":"ASB-A-235850634-8b94caff", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapThread::stop"}}, {"deprecated":false, "digest":{"line_hashes":["201988523389593385061007374122406249898", "271471977421997628405962829937757768094", "185676650678369235215480043063267900644", "198933167022081666281538109705389226537", "76083410214893130432690246935998647333", "157707774218318497405772292249999366591", "330606488169128530148873227927409930061", "38071816232882080880499290686887897055", "199394340052008221672398655275824975160", "246136062329852722277547819238866407649", "180330506421263529894918950697246167606", "5439363204307583563230901158222031723", "156880479271703966195861458915152762045", "216268526825132457805594427701425644691", "251341222208445686204282603005286287539", "307806665057571096281850491342015702526", "164228875517811981932807249790601871289", "308848917979864834755193765057325423811", "234011055780484902780767594436605529455", "165869260923137633933753749554490102301"], "threshold":0.9}, "id":"ASB-A-235850634-d56cd483", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972", "target":{"file":"services/audioflinger/Threads.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"323799684551059076427516059709482107823", "length":2912}, "id":"ASB-A-235850634-09d3b1c5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapThread::start"}}, {"deprecated":false, "digest":{"function_hash":"243371791769163726436477391793551069062", "length":881}, "id":"ASB-A-235850634-52570b44", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapThread::stop"}}, {"deprecated":false, "digest":{"line_hashes":["201988523389593385061007374122406249898", "271471977421997628405962829937757768094", "185676650678369235215480043063267900644", "198933167022081666281538109705389226537", "76083410214893130432690246935998647333", "157707774218318497405772292249999366591", "330606488169128530148873227927409930061", "38071816232882080880499290686887897055", "88908128385796590820152069511025280460", "305774215448492971648576359454280994060", "58723290763809158926092537558918602986", "167587873789583617279380746060849404855", "156880479271703966195861458915152762045", "216268526825132457805594427701425644691", "251341222208445686204282603005286287539", "307806665057571096281850491342015702526", "164228875517811981932807249790601871289", "308848917979864834755193765057325423811", "234011055780484902780767594436605529455", "165869260923137633933753749554490102301"], "threshold":0.9}, "id":"ASB-A-235850634-57ea2f66", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp"}}, {"deprecated":false, "digest":{"function_hash":"181196753431051838006019915285123295268", "length":305}, "id":"ASB-A-235850634-ba40f5c8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapCaptureThread::setRecordSilenced"}}, {"deprecated":false, "digest":{"line_hashes":["295449459720035709819482335231942038436", "114069076096002077919365661304866957402", "294420004732231599841618571868709500941", "87325438604622953908049999513708932423", "155838997843059346861057275852138653956", "168778868802633039982327665461234916745", "29681316594126690081018132777348418954"], "threshold":0.9}, "id":"ASB-A-235850634-ec7be045", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.h"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-10-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"243371791769163726436477391793551069062", "length":881}, "id":"ASB-A-235850634-74c8ee59", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapThread::stop"}}, {"deprecated":false, "digest":{"function_hash":"181196753431051838006019915285123295268", "length":305}, "id":"ASB-A-235850634-77d4c651", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapCaptureThread::setRecordSilenced"}}, {"deprecated":false, "digest":{"line_hashes":["295449459720035709819482335231942038436", "114069076096002077919365661304866957402", "294420004732231599841618571868709500941", "87325438604622953908049999513708932423", "155838997843059346861057275852138653956", "168778868802633039982327665461234916745", "29681316594126690081018132777348418954"], "threshold":0.9}, "id":"ASB-A-235850634-7b1eddea", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.h"}}, {"deprecated":false, "digest":{"function_hash":"323799684551059076427516059709482107823", "length":2912}, "id":"ASB-A-235850634-7ff6ceb8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapThread::start"}}, {"deprecated":false, "digest":{"line_hashes":["201988523389593385061007374122406249898", "271471977421997628405962829937757768094", "185676650678369235215480043063267900644", "198933167022081666281538109705389226537", "76083410214893130432690246935998647333", "157707774218318497405772292249999366591", "330606488169128530148873227927409930061", "38071816232882080880499290686887897055", "88908128385796590820152069511025280460", "305774215448492971648576359454280994060", "58723290763809158926092537558918602986", "167587873789583617279380746060849404855", "156880479271703966195861458915152762045", "216268526825132457805594427701425644691", "251341222208445686204282603005286287539", "307806665057571096281850491342015702526", "164228875517811981932807249790601871289", "308848917979864834755193765057325423811", "234011055780484902780767594436605529455", "165869260923137633933753749554490102301"], "threshold":0.9}, "id":"ASB-A-235850634-e9533f33", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-10-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b"], "severity":"High", "spl":"2022-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["295449459720035709819482335231942038436", "114069076096002077919365661304866957402", "294420004732231599841618571868709500941", "87325438604622953908049999513708932423", "155838997843059346861057275852138653956", "168778868802633039982327665461234916745", "29681316594126690081018132777348418954"], "threshold":0.9}, "id":"ASB-A-235850634-0ad91ec8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.h"}}, {"deprecated":false, "digest":{"function_hash":"323799684551059076427516059709482107823", "length":2912}, "id":"ASB-A-235850634-279bc265", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapThread::start"}}, {"deprecated":false, "digest":{"function_hash":"243371791769163726436477391793551069062", "length":881}, "id":"ASB-A-235850634-5f0d4473", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapThread::stop"}}, {"deprecated":false, "digest":{"line_hashes":["201988523389593385061007374122406249898", "271471977421997628405962829937757768094", "185676650678369235215480043063267900644", "198933167022081666281538109705389226537", "76083410214893130432690246935998647333", "157707774218318497405772292249999366591", "330606488169128530148873227927409930061", "38071816232882080880499290686887897055", "88908128385796590820152069511025280460", "305774215448492971648576359454280994060", "58723290763809158926092537558918602986", "167587873789583617279380746060849404855", "156880479271703966195861458915152762045", "216268526825132457805594427701425644691", "251341222208445686204282603005286287539", "307806665057571096281850491342015702526", "164228875517811981932807249790601871289", "308848917979864834755193765057325423811", "234011055780484902780767594436605529455", "165869260923137633933753749554490102301"], "threshold":0.9}, "id":"ASB-A-235850634-83ee9342", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp"}}, {"deprecated":false, "digest":{"function_hash":"181196753431051838006019915285123295268", "length":305}, "id":"ASB-A-235850634-add07363", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b", "target":{"file":"services/audioflinger/Threads.cpp", "function":"AudioFlinger::MmapCaptureThread::setRecordSilenced"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/adfffded7596bab2290b14e1170798528c98f614"}]}