CVE-2021-0476
📋 TL;DR
This CVE describes a use-after-free vulnerability in Android's Bluetooth stack that occurs due to a race condition in the FindOrCreatePeer function. It allows local attackers to escalate privileges without user interaction, potentially gaining elevated system access. The vulnerability affects Android versions 9, 10, and 11.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
Android by Google
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains full system-level privileges, potentially compromising the entire device, accessing sensitive data, and installing persistent malware.
Likely Case
Local privilege escalation allowing attackers to bypass application sandboxing and gain elevated permissions for malicious activities.
If Mitigated
With proper patching and security controls, the risk is reduced to minimal, though the vulnerability remains present in unpatched systems.
🎯 Exploit Status
Exploitation requires local access and knowledge of race condition timing, but no user interaction is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android Security Patch Level 2021-05-01 or later
Vendor Advisory: https://source.android.com/security/bulletin/2021-05-01
Restart Required: Yes
Instructions:
1. Check for system updates in Settings > System > Advanced > System update. 2. Install the May 2021 security patch or later. 3. Reboot the device after installation.
🔧 Temporary Workarounds
Disable Bluetooth
androidTemporarily disable Bluetooth functionality to prevent exploitation of the vulnerable component.
adb shell settings put global bluetooth_on 0
Settings > Connected devices > Connection preferences > Bluetooth > Turn off
🧯 If You Can't Patch
- Restrict physical access to devices and implement strict app installation policies
- Use mobile device management (MDM) solutions to enforce security controls and monitor for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check Android version and security patch level in Settings > About phone > Android version and Security patch level.Check Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify the security patch level is May 2021 or later in Settings > About phone > Security patch level.📡 Detection & Monitoring
Log Indicators:
- Unusual Bluetooth stack crashes or restarts in logcat
- Privilege escalation attempts in system logs
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Search for Bluetooth service crashes or privilege escalation events in Android device logs