In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of the current SSID with User execution privileges needed. User interaction is not needed for exploitation.

android.googlesource.com/platform/frameworks/base/+/20491714c2ca0a8fd789220e9a8afba3701f5113

android.googlesource.com/platform/frameworks/base/+/5263e86850a0f8d91fa66eb491b6f9765a0291c7

source.android.com/security/bulletin/2020-11-01#2020-11-01-security-patch-level-vulnerability-details