A vulnerability was found in VPN routing in Kernel where there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation. References: https://source.android.com/security/bulletin/pixel/2019-09-01
More references: http://www.openwall.com/lists/oss-security/2019/12/05/1 http://www.openwall.com/lists/oss-security/2019/12/05/2 http://www.openwall.com/lists/oss-security/2019/12/08/1
(In reply to msiddiqu from comment #1) > More references: > > http://www.openwall.com/lists/oss-security/2019/12/05/1 > http://www.openwall.com/lists/oss-security/2019/12/05/2 > http://www.openwall.com/lists/oss-security/2019/12/08/1 These are related to a different CVE. These are for CVE-2019-14899 which is covered in bugzilla 1774905. The CVE listed here is in android sources, and not in an upstream.