PT-2021-3655 · Google · Android

Published: 2021-06-01 · Updated: 2021-06-23 · CVE-2021-0517

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Android versions Android-11

Description

The issue is related to a logic error in the updateCapabilities function of ConnectivityService.java, which can lead to incorrect network state determination. This could result in networking tasks being biased to occur on non-VPN networks, potentially allowing a remote attacker to disclose confidential information without needing additional execution privileges. User interaction is not required for exploitation.

Recommendations

For Android version Android-11, consider restricting access to the updateCapabilities function of ConnectivityService.java to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and adjust network settings to ensure that sensitive tasks are routed through VPN networks when necessary.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

ASB-A-179053823
BDU:2021-03881
CVE-2021-0517

Affected Products

Android