{"id":"ASB-A-235850634","details":"In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-235850634","CVE-2022-20413"],"modified":"2026-05-25T16:46:24.913870386Z","published":"2022-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/adfffded7596bab2290b14e1170798528c98f614"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-10-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"id":"ASB-A-235850634-2b583ce7","source":"https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520","signature_version":"v1","signature_type":"Function","target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapThread::start"},"deprecated":false,"digest":{"length":2785,"function_hash":"81181394698423272454874642256699488090"}},{"id":"ASB-A-235850634-7a335352","signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520","digest":{"line_hashes":["201988523389593385061007374122406249898","271471977421997628405962829937757768094","185676650678369235215480043063267900644","198933167022081666281538109705389226537","76083410214893130432690246935998647333","157707774218318497405772292249999366591","330606488169128530148873227927409930061","21922544428062808396490850597937065882","126783701507331834985037104720605811960","182330296286554160107550692368105885182","10890587252539407938447069612080456170","167587873789583617279380746060849404855","156880479271703966195861458915152762045","216268526825132457805594427701425644691","251341222208445686204282603005286287539","307806665057571096281850491342015702526","164228875517811981932807249790601871289","308848917979864834755193765057325423811","234011055780484902780767594436605529455","165869260923137633933753749554490102301"],"threshold":0.9},"deprecated":false,"target":{"file":"services/audioflinger/Threads.cpp"}},{"id":"ASB-A-235850634-9ef710be","digest":{"length":866,"function_hash":"68796141465345685940563667153922411095"},"signature_version":"v1","target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapThread::stop"},"source":"https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520","deprecated":false,"signature_type":"Function"},{"id":"ASB-A-235850634-e14352a6","signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520","digest":{"length":305,"function_hash":"181196753431051838006019915285123295268"},"deprecated":false,"target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapCaptureThread::setRecordSilenced"}},{"id":"ASB-A-235850634-e433009e","source":"https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520","signature_version":"v1","signature_type":"Line","target":{"file":"services/audioflinger/Threads.h"},"deprecated":false,"digest":{"line_hashes":["75921022813139541503686174051271348367","29248364145583206918322435520830821556","88498981957272264380731117662209253740","87325438604622953908049999513708932423","155838997843059346861057275852138653956","168778868802633039982327665461234916745","29681316594126690081018132777348418954"],"threshold":0.9}}],"spl":"2022-10-01","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/5ee382438971b303a63d07aab40bbdb5a5b88520"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-235850634.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-10-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"id":"ASB-A-235850634-55349446","source":"https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972","signature_version":"v1","signature_type":"Function","target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapThread::start"},"deprecated":false,"digest":{"length":2888,"function_hash":"299276747474085596058797203112702422615"}},{"id":"ASB-A-235850634-61237a49","source":"https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972","signature_version":"v1","signature_type":"Line","target":{"file":"services/audioflinger/Threads.h"},"deprecated":false,"digest":{"line_hashes":["324901151813731196240508223413722623934","285531171118598633213671603613472087528","336038215384601795986123558978427341951","87325438604622953908049999513708932423","155838997843059346861057275852138653956","168778868802633039982327665461234916745","29681316594126690081018132777348418954"],"threshold":0.9}},{"id":"ASB-A-235850634-6b5003f2","target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapCaptureThread::setRecordSilenced"},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972","signature_type":"Function","deprecated":false,"digest":{"length":305,"function_hash":"181196753431051838006019915285123295268"}},{"id":"ASB-A-235850634-8b94caff","digest":{"length":866,"function_hash":"68796141465345685940563667153922411095"},"signature_version":"v1","target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapThread::stop"},"source":"https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972","deprecated":false,"signature_type":"Function"},{"id":"ASB-A-235850634-d56cd483","source":"https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972","signature_version":"v1","signature_type":"Line","target":{"file":"services/audioflinger/Threads.cpp"},"deprecated":false,"digest":{"line_hashes":["201988523389593385061007374122406249898","271471977421997628405962829937757768094","185676650678369235215480043063267900644","198933167022081666281538109705389226537","76083410214893130432690246935998647333","157707774218318497405772292249999366591","330606488169128530148873227927409930061","38071816232882080880499290686887897055","199394340052008221672398655275824975160","246136062329852722277547819238866407649","180330506421263529894918950697246167606","5439363204307583563230901158222031723","156880479271703966195861458915152762045","216268526825132457805594427701425644691","251341222208445686204282603005286287539","307806665057571096281850491342015702526","164228875517811981932807249790601871289","308848917979864834755193765057325423811","234011055780484902780767594436605529455","165869260923137633933753749554490102301"],"threshold":0.9}}],"spl":"2022-10-01","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/a2f00f95e0e74efe439a591b236afb598dbf8972"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-235850634.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-10-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b"],"vanir_signatures":[{"id":"ASB-A-235850634-09d3b1c5","digest":{"length":2912,"function_hash":"323799684551059076427516059709482107823"},"signature_version":"v1","target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapThread::start"},"source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","deprecated":false,"signature_type":"Function"},{"id":"ASB-A-235850634-52570b44","signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","digest":{"length":881,"function_hash":"243371791769163726436477391793551069062"},"deprecated":false,"target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapThread::stop"}},{"id":"ASB-A-235850634-57ea2f66","digest":{"line_hashes":["201988523389593385061007374122406249898","271471977421997628405962829937757768094","185676650678369235215480043063267900644","198933167022081666281538109705389226537","76083410214893130432690246935998647333","157707774218318497405772292249999366591","330606488169128530148873227927409930061","38071816232882080880499290686887897055","88908128385796590820152069511025280460","305774215448492971648576359454280994060","58723290763809158926092537558918602986","167587873789583617279380746060849404855","156880479271703966195861458915152762045","216268526825132457805594427701425644691","251341222208445686204282603005286287539","307806665057571096281850491342015702526","164228875517811981932807249790601871289","308848917979864834755193765057325423811","234011055780484902780767594436605529455","165869260923137633933753749554490102301"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","target":{"file":"services/audioflinger/Threads.cpp"},"deprecated":false,"signature_type":"Line"},{"id":"ASB-A-235850634-ba40f5c8","target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapCaptureThread::setRecordSilenced"},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","signature_type":"Function","deprecated":false,"digest":{"length":305,"function_hash":"181196753431051838006019915285123295268"}},{"id":"ASB-A-235850634-ec7be045","digest":{"line_hashes":["295449459720035709819482335231942038436","114069076096002077919365661304866957402","294420004732231599841618571868709500941","87325438604622953908049999513708932423","155838997843059346861057275852138653956","168778868802633039982327665461234916745","29681316594126690081018132777348418954"],"threshold":0.9},"signature_version":"v1","target":{"file":"services/audioflinger/Threads.h"},"source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","deprecated":false,"signature_type":"Line"}],"spl":"2022-10-01","types":["ID"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-235850634.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-10-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"id":"ASB-A-235850634-74c8ee59","digest":{"length":881,"function_hash":"243371791769163726436477391793551069062"},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapThread::stop"},"deprecated":false,"signature_type":"Function"},{"id":"ASB-A-235850634-77d4c651","signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","digest":{"length":305,"function_hash":"181196753431051838006019915285123295268"},"deprecated":false,"target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapCaptureThread::setRecordSilenced"}},{"id":"ASB-A-235850634-7b1eddea","target":{"file":"services/audioflinger/Threads.h"},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["295449459720035709819482335231942038436","114069076096002077919365661304866957402","294420004732231599841618571868709500941","87325438604622953908049999513708932423","155838997843059346861057275852138653956","168778868802633039982327665461234916745","29681316594126690081018132777348418954"],"threshold":0.9}},{"id":"ASB-A-235850634-7ff6ceb8","source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","signature_version":"v1","signature_type":"Function","target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapThread::start"},"deprecated":false,"digest":{"length":2912,"function_hash":"323799684551059076427516059709482107823"}},{"id":"ASB-A-235850634-e9533f33","target":{"file":"services/audioflinger/Threads.cpp"},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["201988523389593385061007374122406249898","271471977421997628405962829937757768094","185676650678369235215480043063267900644","198933167022081666281538109705389226537","76083410214893130432690246935998647333","157707774218318497405772292249999366591","330606488169128530148873227927409930061","38071816232882080880499290686887897055","88908128385796590820152069511025280460","305774215448492971648576359454280994060","58723290763809158926092537558918602986","167587873789583617279380746060849404855","156880479271703966195861458915152762045","216268526825132457805594427701425644691","251341222208445686204282603005286287539","307806665057571096281850491342015702526","164228875517811981932807249790601871289","308848917979864834755193765057325423811","234011055780484902780767594436605529455","165869260923137633933753749554490102301"],"threshold":0.9}}],"spl":"2022-10-01","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-235850634.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-10-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b"],"vanir_signatures":[{"id":"ASB-A-235850634-0ad91ec8","signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["295449459720035709819482335231942038436","114069076096002077919365661304866957402","294420004732231599841618571868709500941","87325438604622953908049999513708932423","155838997843059346861057275852138653956","168778868802633039982327665461234916745","29681316594126690081018132777348418954"],"threshold":0.9},"target":{"file":"services/audioflinger/Threads.h"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b"},{"id":"ASB-A-235850634-279bc265","signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","digest":{"length":2912,"function_hash":"323799684551059076427516059709482107823"},"deprecated":false,"target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapThread::start"}},{"id":"ASB-A-235850634-5f0d4473","digest":{"length":881,"function_hash":"243371791769163726436477391793551069062"},"signature_version":"v1","target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapThread::stop"},"source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","deprecated":false,"signature_type":"Function"},{"id":"ASB-A-235850634-83ee9342","target":{"file":"services/audioflinger/Threads.cpp"},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["201988523389593385061007374122406249898","271471977421997628405962829937757768094","185676650678369235215480043063267900644","198933167022081666281538109705389226537","76083410214893130432690246935998647333","157707774218318497405772292249999366591","330606488169128530148873227927409930061","38071816232882080880499290686887897055","88908128385796590820152069511025280460","305774215448492971648576359454280994060","58723290763809158926092537558918602986","167587873789583617279380746060849404855","156880479271703966195861458915152762045","216268526825132457805594427701425644691","251341222208445686204282603005286287539","307806665057571096281850491342015702526","164228875517811981932807249790601871289","308848917979864834755193765057325423811","234011055780484902780767594436605529455","165869260923137633933753749554490102301"],"threshold":0.9}},{"id":"ASB-A-235850634-add07363","signature_type":"Function","signature_version":"v1","digest":{"length":305,"function_hash":"181196753431051838006019915285123295268"},"target":{"file":"services/audioflinger/Threads.cpp","function":"AudioFlinger::MmapCaptureThread::setRecordSilenced"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/av/+/cfc10a47f66b2864350aa31a9bf96b76f35b366b"}],"spl":"2022-10-01","types":["ID"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-235850634.json"}}],"schema_version":"1.7.5"}