CVE-2021-0685

7.8 HIGH

📋 TL;DR

This vulnerability allows local privilege escalation on Android 11 devices through unsafe deserialization in the ParsedIntentInfo component. Attackers can exploit this without user interaction to gain elevated privileges. Only Android 11 devices are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 11 only
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android 11 devices are vulnerable by default; no special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to execute arbitrary code with system privileges, access sensitive data, and persist malware.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass app sandboxing and access other apps' data or system resources.

🟢 If Mitigated

No impact if patched; unpatched devices remain vulnerable to local attacks.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local app access.
🏢 Internal Only: HIGH - Malicious apps or users with local access can exploit this without additional privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access but no user interaction; technical knowledge of Android parcel serialization is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2021-09-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/2021-09-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > Advanced > System update.
2. Install Android Security Patch Level 2021-09-01 or later.
3. Reboot the device after installation.

🔧 Temporary Workarounds

No effective workarounds

This is a core Android framework vulnerability and requires patching.

🧯 If You Can't Patch

  • Restrict installation of untrusted apps via Settings > Security > Install unknown apps
  • Use Android Enterprise or MDM solutions to enforce security policies and app whitelisting

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > Android version (must be 11) and Security patch level (must be before 2021-09-01)

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Security patch level is 2021-09-01 or later in Settings > About phone
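The three verification checks above (Android version is 11, security patch level is before 2021-09-01, and the two adb getprop properties) combined into one script. This is an added example, not part of the advisory: the function names are my own, and the --device wrapper assumes adb is on PATH with a device attached; the classification functions themselves run offline.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify a device's reported
# Android release and security patch level against the affected range for
# CVE-2021-0685 (Android 11 with a security patch level before 2021-09-01).
# Function names are my own; adb is only needed for the --device wrapper.

FIXED_PATCH=20210901   # 2021-09-01 with the dashes removed

# patch_to_int YYYY-MM-DD -> prints the date as a plain integer, or fails
# if the string is not a well-formed patch level.
patch_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | tr -d '-' ;;
        *)
            return 1 ;;
    esac
}

# is_vulnerable RELEASE PATCH -> exit 0 if the device is in the affected
# range, 1 otherwise. An unparsable patch level on Android 11 is treated as
# affected, since the fix cannot be confirmed from it.
is_vulnerable() {
    [ "$1" = "11" ] || return 1
    patch_int=$(patch_to_int "$2") || return 0
    [ "$patch_int" -lt "$FIXED_PATCH" ]
}

# verdict RELEASE PATCH -> prints "vulnerable" or "not-affected"
verdict() {
    if is_vulnerable "$1" "$2"; then
        echo vulnerable
    else
        echo not-affected
    fi
}

# check_device: runs the advisory's adb getprop checks on the connected
# device and prints the verdict. Strips the CR that adb shell may append.
check_device() {
    release=$(adb shell getprop ro.build.version.release | tr -d '\r\n')
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r\n')
    echo "Android ${release:-?} patch ${patch:-?}: $(verdict "$release" "$patch")"
}

# Usage: sh check_cve_2021_0685.sh --device
if [ "${1:-}" = "--device" ]; then
    check_device
fi
```

Patch levels are ISO dates, so stripping the dashes and comparing integers orders them correctly without a date library; a device on Android 10 or 12 is reported as not affected regardless of patch level, matching the advisory's "Android 11 only" scope.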

📡 Detection & Monitoring

Log Indicators:

  • Unusual parcel serialization/deserialization errors in system logs
  • Unexpected privilege escalation attempts

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Not applicable for local Android framework vulnerabilities
