First published: Wed Jul 05 2023(Updated: )
In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.
Credit: security@android.com security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | =12.0 | |
Google Android | =12.1 | |
Google Android | =13.0 | |
https://android.googlesource.com/platform/frameworks/av/+/2c8973c39478cd3c8cf11d9f27cc0556a106d006
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-21262 is a vulnerability in the startInput function of AudioPolicyInterfaceImpl.cpp in Google Android 12.0, 12.1, and 13.0, which could lead to false user expectations due to a race condition in displaying the microphone privacy indicator.
CVE-2023-21262 has a severity score of 3.1 (High).
Exploiting CVE-2023-21262 requires user interaction.
Google Android versions 12.0, 12.1, and 13.0 are affected by CVE-2023-21262.
To fix CVE-2023-21262, it is recommended to apply the necessary security patches provided by Google.