ASB-A-191382886

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-191382886.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-191382886
Aliases
  • A-191382886
  • CVE-2021-0649
Published
2021-11-01T00:00:00Z
Modified
2024-08-07T19:29:26.463351Z
Summary
App can stop vpn profile of other apps and can reset always on vpn package without requiring any permission.
Details

In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROLALWAYSON_VPN with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-11-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "249075278512829168754042795387518813750",
                    "159388925239194086110019053960304969612",
                    "104848444477519217474237556570055385811",
                    "97590697546115221432188778181145799833",
                    "95975522758785182856088401938732163268",
                    "38729615384395579501124902717966760349",
                    "40135872218419544498134803688603443737",
                    "178413717962493023367993335606776715959",
                    "246714061973602262374419698083005330097",
                    "70189935037104495525897089633168244123",
                    "306576123403228771282968129054536480080",
                    "226714567186253957383971980360413508704",
                    "187989992647598380755570461639950930741",
                    "147354967674750052531737893602276117569"
                ]
            },
            "id": "ASB-A-191382886-23870e76",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f3072fcd46112bad7c5f6ddd4cc35d2c67f00d11",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/ConnectivityService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 187.0,
                "function_hash": "218177222831341778865879455474855236138"
            },
            "id": "ASB-A-191382886-97b9e92f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f3072fcd46112bad7c5f6ddd4cc35d2c67f00d11",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/ConnectivityService.java",
                "function": "stopVpnProfile"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 214.0,
                "function_hash": "340082255310276846879016599533391396102"
            },
            "id": "ASB-A-191382886-ac7e74b8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f3072fcd46112bad7c5f6ddd4cc35d2c67f00d11",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/ConnectivityService.java",
                "function": "startVpnProfile"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/f3072fcd46112bad7c5f6ddd4cc35d2c67f00d11"
    ],
    "spl": "2021-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}