Login Sign Up

CVE-2021-0531

7.8 HIGH

📋 TL;DR

This vulnerability in Android's memory management driver allows local attackers to escalate privileges without user interaction by exploiting a use-after-free condition. It affects Android devices with specific System-on-Chip (SoC) implementations. Successful exploitation could give attackers full system control.

💻 Affected Systems

Products:
  • Android devices with specific SoC implementations
Versions: Android SoC versions prior to June 2021 security patches
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific Android System-on-Chip implementations; not all Android devices are vulnerable. Requires local access to device.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root privileges, allowing installation of persistent malware, data theft, and bypassing all security controls.

🟠

Likely Case

Local privilege escalation enabling attackers to gain elevated permissions, potentially leading to data access, surveillance capabilities, or further system exploitation.

🟢

If Mitigated

Limited impact if devices are patched, isolated from untrusted users, or have additional security layers like SELinux enforcing strict policies.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access but no user interaction. Use-after-free vulnerabilities typically require precise timing and memory manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2021 Android Security Bulletin patches

Vendor Advisory: https://source.android.com/security/bulletin/2021-06-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Apply June 2021 or later security patches. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Restrict local access

all

Limit physical and remote local access to devices through device management policies

Enable SELinux enforcing mode

linux

Ensure SELinux is in enforcing mode to limit privilege escalation impact

getenforce
setenforce 1

🧯 If You Can't Patch

  • Isolate affected devices from untrusted users and networks
  • Implement application allowlisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If patch level is before June 2021, device may be vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows June 2021 or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Memory corruption errors in dmesg
  • Unexpected privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from system processes
  • Suspicious local network scanning

SIEM Query:

source="android_kernel" AND ("use-after-free" OR "memory corruption" OR "segmentation fault")

📊 Metadata

CVE ID: CVE-2021-0531
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: June 21, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0531, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)