CVE-2024-0019

In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

More information : https://android.googlesource.com/platform/frameworks/base/+/707fc94ec3df4cf6b985e6d06c2588690d1a025a

Attack vector : LOCAL
Attack complexity : LOW
Privileges required : LOW
User interaction : REQUIRED
Confidentiality impact : NONE
Integrity impact : HIGH
Base score : 5
Base severity : MEDIUM
Exploitability score : 1.3
Impact score : 3.6