In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass
Google
Privilege Escalation
Android
NVD
CVSS 3.1
3.3
EPSS
0.1%