CVE-2021-0570 – This vulnerability allows local privilege escal... (How to Fix)

Q: What is the severity of CVE-2021-0570?

CVE-2021-0570 has a CVSS score of 7.8 (HIGH). This vulnerability allows local privilege escalation on Android 11 devices through an unsafe PendingIntent in the bug reporting service. Attackers can exploit this to gain elevated permissions without user interaction. Only Android 11 devices with the vulnerable component are affected.

📋 TL;DR

This vulnerability allows local privilege escalation on Android 11 devices through an unsafe PendingIntent in the bug reporting service. Attackers can exploit this to gain elevated permissions without user interaction. Only Android 11 devices with the vulnerable component are affected.

💻 Affected Systems

Products:

Android

Versions: Android 11

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects devices running Android 11 with the specific vulnerable component; Pixel devices specifically mentioned in bulletins.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing installation of malware, data theft, and persistence as a privileged user.

🟠

Likely Case

Limited privilege escalation allowing access to sensitive app data and system functions normally restricted.

🟢

If Mitigated

No impact if patched or if device lacks vulnerable component; standard Android sandboxing limits lateral movement.

🌐 Internet-Facing: LOW - Requires local access to device, not remotely exploitable.

🏢 Internal Only: HIGH - Malicious apps or users with physical access can exploit locally.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local execution privileges; no user interaction needed but attacker needs initial foothold on device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2021-06-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2021-06-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > Advanced > System update. 2. Install Android Security Patch Level 2021-06-01 or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable bug reporting service

android

Temporarily disable the vulnerable BugreportProgressService component if possible (may break legitimate bug reporting).

adb shell pm disable com.android.shell/.BugreportProgressService

🧯 If You Can't Patch

Restrict physical access to devices and monitor for suspicious app installations.
Implement mobile device management (MDM) to control app installations and detect anomalies.

🔍 How to Verify

Check if Vulnerable:

Check Android version in Settings > About phone > Android version. If it shows Android 11 and security patch level is before 2021-06-01, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level is 2021-06-01 or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

Unusual bug report generation events, unexpected PendingIntent calls in system logs

Network Indicators:

None - local exploit only

SIEM Query:

Search for events related to BugreportProgressService or PendingIntent misuse in Android device logs.

📊 Metadata

CVE ID: CVE-2021-0570

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-732

Published: June 22, 2021

Last Updated: November 21, 2024

🔗 References

https://source.android.com/security/bulletin/pixel/2021-06-01 Vendor Advisory
https://source.android.com/security/bulletin/pixel/2021-06-01 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0570, you might also want to check these: