In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue. This could lead to local information disclosure of secure network traffic over a non-VPN link with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "331164130220073483159077166472416681445", "272971140574235435846252158985016909898", "179585735392734205954198078228623916196", "275502726631547484265657262251379747930" ] }, "id": "ASB-A-168500792-ad209f09", "source": "https://android.googlesource.com/platform/frameworks/base/+/61b620ad4f773e86c03e0719ae24268babcc62a9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/connectivity/Vpn.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/61b620ad4f773e86c03e0719ae24268babcc62a9" ], "spl": "2020-12-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "331164130220073483159077166472416681445", "272971140574235435846252158985016909898", "179585735392734205954198078228623916196", "275502726631547484265657262251379747930" ] }, "id": "ASB-A-168500792-49381c17", "source": "https://android.googlesource.com/platform/frameworks/base/+/61b620ad4f773e86c03e0719ae24268babcc62a9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/connectivity/Vpn.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/61b620ad4f773e86c03e0719ae24268babcc62a9" ], "spl": "2020-12-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "331164130220073483159077166472416681445", "272971140574235435846252158985016909898", "179585735392734205954198078228623916196", "275502726631547484265657262251379747930" ] }, "id": "ASB-A-168500792-77f687ea", "source": "https://android.googlesource.com/platform/frameworks/base/+/61b620ad4f773e86c03e0719ae24268babcc62a9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/connectivity/Vpn.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/61b620ad4f773e86c03e0719ae24268babcc62a9" ], "spl": "2020-12-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "331164130220073483159077166472416681445", "272971140574235435846252158985016909898", "179585735392734205954198078228623916196", "275502726631547484265657262251379747930" ] }, "id": "ASB-A-168500792-c0ed34b8", "source": "https://android.googlesource.com/platform/frameworks/base/+/61b620ad4f773e86c03e0719ae24268babcc62a9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/connectivity/Vpn.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/61b620ad4f773e86c03e0719ae24268babcc62a9" ], "spl": "2020-12-01", "severity": "High", "types": [ "ID" ] }