A vulnerability, which was classified as critical, was found in Google Android 7/8/8.1. Affected is the function setAllowOnlyVpnForUids of the file NetworkManagementService.java. The manipulation leads to permission issues.

This vulnerability is traded as CVE-2017-13314. The attack needs to be approached locally. There is no exploit available.

It is recommended to apply a patch to fix this issue.