In onCreate of WifiScanModeActivity.java, there is a possible way to enable Wi-Fi scanning without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "328263169580508867976876575400628265794", "110424566519442481665465581655237687646", "322102221475400443108148106970967004392", "108217010661045898630435102137187521905", "295920884582073271744377298668040679510", "287274780326124899620192979046656855227", "185974074193300355660243960888347440480", "92475357582801666664465760516120286434" ] }, "id": "ASB-A-174047492-2bfb51b8", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/faa5f6b5f6b67421f1327690f358f2fc5ee12c33", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/wifi/WifiScanModeActivity.java" }, "signature_type": "Line" }, { "digest": { "length": 512.0, "function_hash": "216698803617722576029150201810114412891" }, "id": "ASB-A-174047492-8bf326c4", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/faa5f6b5f6b67421f1327690f358f2fc5ee12c33", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/wifi/WifiScanModeActivity.java", "function": "onCreate" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/faa5f6b5f6b67421f1327690f358f2fc5ee12c33" ], "spl": "2021-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 512.0, "function_hash": "158803676454670411362006961934677279220" }, "id": "ASB-A-174047492-567d4985", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/58b0f2d5b3ab4e7002b870aedc971a2d8d9e8e44", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/wifi/WifiScanModeActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "278439482067112957380265895062969078593", "62494506271113635611819801336893045692", "202940160376952609789420844645356167769", "108217010661045898630435102137187521905", "295920884582073271744377298668040679510", "287274780326124899620192979046656855227", "185974074193300355660243960888347440480", "326699467371759243067822480658829003894" ] }, "id": "ASB-A-174047492-8c8fe44a", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/58b0f2d5b3ab4e7002b870aedc971a2d8d9e8e44", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/wifi/WifiScanModeActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/58b0f2d5b3ab4e7002b870aedc971a2d8d9e8e44" ], "spl": "2021-06-01", "severity": "High", "types": [ "EoP" ] }