CVE-2021-0584

5.5 MEDIUM

📋 TL;DR

This vulnerability in Android's Parcel component allows local attackers to read memory beyond intended boundaries without requiring user interaction or elevated privileges. It affects Android versions 8.1 through 11, potentially exposing sensitive information from other apps or system processes.

💻 Affected Systems

Products:
  • Android
Versions: Android 8.1, 9, 10, 11
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected Android versions are vulnerable by default. The vulnerability is in the core Android framework.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local information disclosure could expose sensitive data from other applications or system components, potentially enabling further attacks.

🟠 Likely Case

Limited information disclosure from adjacent memory locations, possibly revealing non-critical system information.

🟢 If Mitigated

No impact if patched or if the affected component is not used by vulnerable applications.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring local access to the device.
🏢 Internal Only: MEDIUM - Malicious apps could exploit this to gather information from other apps on the same device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed on the device. No user interaction is needed once the app is installed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin August 2021 patches

Vendor Advisory: https://source.android.com/security/bulletin/2021-08-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > Advanced > System update.
2. Install the August 2021 security patch or later.
3. Reboot the device after installation.

🔧 Temporary Workarounds

No effective workarounds

This is a core framework vulnerability requiring patching at the OS level.

🧯 If You Can't Patch

  • Restrict installation of untrusted applications from unknown sources
  • Use Android Enterprise or similar management to control app installation

🔍 How to Verify

Check if Vulnerable:

Check the Android version in Settings > About phone > Android version. If the version is 8.1, 9, 10, or 11 without the August 2021 security patches, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Check security patch level in Settings > About phone > Android security patch level. Should show 'August 5, 2021' or later.
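As an added example (not part of this advisory), a POSIX shell helper that turns the two getprop values above into a verdict, using the affected releases and the 2021-08-05 patch level stated on this page; the optional device query assumes adb is on PATH with one device attached:

```shell
#!/bin/sh
# Added example: decide whether a device's reported Android release and
# security patch level leave it exposed to CVE-2021-0584.
# Threshold taken from this page: patch level 2021-08-05 (August 2021 bulletin);
# affected releases: 8.1, 9, 10, 11.

# is_affected_release RELEASE -> returns 0 if RELEASE is an affected branch
is_affected_release() {
    case "$1" in
        8.1|8.1.*|9|9.*|10|10.*|11|11.*) return 0 ;;
        *) return 1 ;;
    esac
}

# cve_2021_0584_status RELEASE PATCH_LEVEL
# Prints "vulnerable", "patched", "not-affected" or "unknown".
cve_2021_0584_status() {
    release=$1
    patch=$2
    if ! is_affected_release "$release"; then
        echo "not-affected"
        return 0
    fi
    # Patch level is YYYY-MM-DD: validate the shape, then compare as YYYYMMDD.
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;
    esac
    p=$(printf '%s' "$patch" | tr -d -)
    if [ "$p" -ge 20210805 ]; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# check_device: query the attached device over adb (assumption: adb on PATH,
# exactly one device connected) and print the verdict. Not run automatically.
check_device() {
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
    spl=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    printf 'release=%s patch=%s -> %s\n' "$rel" "$spl" \
        "$(cve_2021_0584_status "$rel" "$spl")"
}
```

A "patched" verdict only confirms the bulletin level is met; devices outside the listed releases print "not-affected" and should be checked against their own bulletin.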

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory access patterns in system logs
  • Crash reports from Parcel-related components

Network Indicators:

  • No network indicators - local vulnerability only

SIEM Query:

No specific SIEM query - monitor for Android security patch compliance
