Login Sign Up

CVE-2021-0464

7.8 HIGH

📋 TL;DR

This CVE describes a heap buffer overflow vulnerability in the Android sound trigger subsystem that allows local privilege escalation without user interaction. Attackers can exploit this to gain elevated privileges on affected Android devices. The vulnerability affects Android devices with specific kernel versions.

💻 Affected Systems

Products:
  • Android devices
Versions: Android kernel versions prior to March 2021 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the vulnerable sound trigger implementation in the kernel. Pixel devices specifically mentioned in the bulletin.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to execute arbitrary code with kernel privileges, install persistent malware, or access sensitive data.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security restrictions and gain elevated system access on compromised devices.

🟢

If Mitigated

Limited impact if devices are patched or have additional security controls like SELinux enforcing mode and app sandboxing.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the device.
🏢 Internal Only: HIGH - Malicious apps or compromised user accounts could exploit this to escalate privileges on internal devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access but no user interaction. Exploitation involves heap manipulation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2021 Android security patch level or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2021-03-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > Advanced > System update. 2. Install March 2021 or later security patch. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable sound trigger service

android

Temporarily disable the vulnerable sound trigger subsystem to prevent exploitation

adb shell pm disable com.android.soundtrigger

🧯 If You Can't Patch

  • Restrict installation of untrusted applications from unknown sources
  • Implement application allowlisting and monitor for suspicious privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If patch level is earlier than March 2021, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows March 2021 or later date in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs related to sound_trigger
  • Unexpected privilege escalation attempts in audit logs
  • Crash reports from sound trigger service

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="android_kernel" AND ("sound_trigger" OR "CVE-2021-0464")

📊 Metadata

CVE ID: CVE-2021-0464
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: March 10, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0464, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)