PT-2022-24840 · Unknown · Matrix-Android-Sdk

Benjamin Dowling +3 · Published 2022-09-28 · Updated 2022-09-30 · CVE-2022-39248

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

matrix-android-sdk2 versions prior to 1.5.1

Description

An attacker cooperating with a malicious homeserver can construct messages that appear to have come from another person without any indication. This vulnerability can be used to perform targeted attacks, sending fake to-device messages and potentially injecting key backup secrets. The cause is a protocol confusion vulnerability: the SDK accepts to-device messages encrypted with Megolm instead of Olm.

Recommendations

For versions prior to 1.5.1, update to version 1.5.1, which only accepts Olm-encrypted to-device messages and stops signing backups on successful decryption. As a temporary workaround, consider avoiding the emoji/QR verification methods for new logins until the update is applied, and use verify with passphrase instead. Restrict access to untrusted devices and discard secrets received from them. Ensure key backups are only usable if they have a valid signature from a trusted device.
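
The receive-side rule the fix describes, as an added example that is not code from matrix-android-sdk2: an encrypted to-device event is accepted only when its algorithm is Olm, and key-carrying payload types are never accepted in plaintext. The function names, the set of sensitive types and the sample events are constructed for illustration; the algorithm and event-type strings are the Matrix identifiers.

```python
OLM = "m.olm.v1.curve25519-aes-sha2"
MEGOLM = "m.megolm.v1.aes-sha2"

# Assumption for this example: payload types that carry key material.
SENSITIVE_TYPES = {"m.room_key", "m.forwarded_room_key", "m.secret.send"}


def check_to_device(event):
    """Return (accepted, reason) for one to-device event."""
    etype = event.get("type")
    if etype != "m.room.encrypted":
        if etype in SENSITIVE_TYPES:
            return False, "sensitive type sent unencrypted"
        return True, "plaintext, non-sensitive"
    content = event.get("content")
    if not isinstance(content, dict):
        return False, "malformed content"
    algorithm = content.get("algorithm")
    if algorithm != OLM:
        # Megolm is a room-message algorithm; on the to-device path it is rejected.
        return False, f"to-device algorithm {algorithm!r} is not Olm"
    # Olm ciphertext is an object keyed by recipient key; Megolm's is a string.
    if not isinstance(content.get("ciphertext"), dict) or not content.get("sender_key"):
        return False, "malformed Olm payload"
    return True, "olm"


def filter_to_device(events):
    """Split events into accepted and rejected lists of (sender, reason)."""
    accepted, rejected = [], []
    for ev in events:
        ok, reason = check_to_device(ev)
        (accepted if ok else rejected).append((ev.get("sender"), reason))
    return accepted, rejected


# Constructed sample events (not captured traffic).
SAMPLE = [
    {"type": "m.room.encrypted", "sender": "@alice:example.org",
     "content": {"algorithm": OLM, "sender_key": "constructed-key",
                 "ciphertext": {"constructed-recipient-key": {"type": 0, "body": "..."}}}},
    {"type": "m.room.encrypted", "sender": "@mallory:example.org",
     "content": {"algorithm": MEGOLM, "sender_key": "constructed-key",
                 "session_id": "constructed-session", "ciphertext": "..."}},
    {"type": "m.secret.send", "sender": "@mallory:example.org", "content": {}},
    {"type": "m.room_key_request", "sender": "@bob:example.org", "content": {}},
]

if __name__ == "__main__":
    print(filter_to_device(SAMPLE))
```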

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-39248
GHSA-FPGF-PJJV-2QGM

Affected Products

Matrix-Android-Sdk