In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "1507347477625288206924147384212062311", "167688605867282803177728729677168565494", "137122953859527318281001713726447669367", "18219262625178533219379706478832290769", "130737000761195551633978398735643043315", "258202711614118339221988124104917980448", "282747096984891809597603264365114496715", "90655393699161537400335180027105381933", "175242587158792847800811199501507512010" ] }, "id": "ASB-A-179053823-2c6d2528", "source": "https://android.googlesource.com/platform/frameworks/base/+/f3d35fdeaab97b8f2646fbcadcc50413138d369a", "deprecated": false, "signature_version": "v1", "target": { "file": "tests/net/integration/util/com/android/server/NetworkAgentWrapper.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "130685122290000269070185916806103745772", "10330500819088495888833910037773966921", "184632244487065695388626587647657404593", "258382400710289303571064109129317024935", "97767333076461204489629404154209508822", "27051001654010681673116087546152186240", "4279791367659397505693756116762427839", "164868897662531412708543463541585522507", "264847955601993648350212795163248573560", "155016246756462894656171077109222831908", "293821000695020235782908004134707957641", "30688429203509602610690175745648332808", "260377386838969607211462570123745388094", "28780719410803030128354082911063688607", "328787977812036799257746573734734842462", "132990505161844785431176339823274973549", "109015711842139512682109670783874066820", "90904430466385290694059485275121690615", "180976549560987988347727975604466392926" ] }, "id": "ASB-A-179053823-412eb382", "source": "https://android.googlesource.com/platform/frameworks/base/+/9d680e7cd3c58da63d7753f2e4dce5683d2fd893", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/ConnectivityService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "82430332723054704973814326013453390247", "154252307144114275208524740098786919116", "85776445773038469964823270029051538900", "241287416356538605801110510077084948855" ] }, "id": "ASB-A-179053823-510727af", "source": "https://android.googlesource.com/platform/frameworks/base/+/7c4ae16b94ce8f36e4e047ac4c825794d1c21db2", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/connectivity/Vpn.java" }, "signature_type": "Line" }, { "digest": { "length": 1510.0, "function_hash": "162341957182682762582143686583421943566" }, "id": "ASB-A-179053823-d2d365d4", "source": "https://android.googlesource.com/platform/frameworks/base/+/9d680e7cd3c58da63d7753f2e4dce5683d2fd893", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/ConnectivityService.java", "function": "updateCapabilities" }, "signature_type": "Function" }, { "digest": { "length": 1024.0, "function_hash": "156584358442038041910340445517037970033" }, "id": "ASB-A-179053823-efb4b64a", "source": "https://android.googlesource.com/platform/frameworks/base/+/f3d35fdeaab97b8f2646fbcadcc50413138d369a", "deprecated": false, "signature_version": "v1", "target": { "file": "tests/net/integration/util/com/android/server/NetworkAgentWrapper.java", "function": "NetworkAgentWrapper" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/9d680e7cd3c58da63d7753f2e4dce5683d2fd893", "https://android.googlesource.com/platform/frameworks/base/+/1255ddbc76df53c9562a87cd5701d791e0ec55ad", "https://android.googlesource.com/platform/frameworks/base/+/be317557fe11d9a27412712556c9203778fab645", "https://android.googlesource.com/platform/frameworks/base/+/4a66aedf09ccdf19d302a5cff6dec5ec9da076bf", "https://android.googlesource.com/platform/frameworks/base/+/1a05734c87f9e3ce0cbd33ea1f13ee7a27c57f01", "https://android.googlesource.com/platform/frameworks/base/+/d2adbfbf40aaf5d533607fe71e93d6ff6cba2ba1", "https://android.googlesource.com/platform/frameworks/base/+/f3d35fdeaab97b8f2646fbcadcc50413138d369a", "https://android.googlesource.com/platform/frameworks/base/+/d10299582ae9965c0ff70b5fceb4ce8ee591734e", "https://android.googlesource.com/platform/frameworks/base/+/7c4ae16b94ce8f36e4e047ac4c825794d1c21db2", "https://android.googlesource.com/platform/frameworks/base/+/334a66342c799018f25c015c54a2c2c017e1ec36", "https://android.googlesource.com/platform/frameworks/base/+/cb2feba0fbc5f9a80e3c5cc863ecd56b26113e39", "https://android.googlesource.com/platform/frameworks/base/+/9687fd7c3bcb563d8bd3b53874f6e35876275dda" ], "spl": "2021-06-01", "severity": "High", "types": [ "ID" ] }