CVE-2023-40096 Information

Description

In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Reference

https://source.android.com/security/bulletin/2023-12-01