Login Sign Up

CVE-2021-0936

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Android kernel's USB accessory driver that could allow local privilege escalation. An attacker with local access could exploit memory corruption to gain elevated privileges without user interaction. This affects Android devices with vulnerable kernel versions.

💻 Affected Systems

Products:
  • Android devices with vulnerable kernel
Versions: Android kernel versions before October 2021 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Requires USB accessory functionality to be enabled. Pixel devices specifically mentioned in advisories.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root privileges, allowing installation of persistent malware, data theft, and bypassing of security controls.

🟠

Likely Case

Local privilege escalation from a limited user or app context to kernel-level access, enabling further system exploitation.

🟢

If Mitigated

Limited impact if device is fully patched, has SELinux enforcing mode, and proper app sandboxing.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or users with physical access could exploit this to escalate privileges on vulnerable devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of kernel memory layout. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: October 2021 Android Security Patch Level or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2021-10-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > Advanced > System update. 2. Install October 2021 or later security patch. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable USB debugging/accessory mode

android

Prevents exploitation by disabling the vulnerable USB accessory functionality

Settings > System > Developer options > USB debugging (OFF)
Settings > Connected devices > USB > Select 'No data transfer'

🧯 If You Can't Patch

  • Restrict physical access to devices and implement strict app installation policies
  • Enable SELinux enforcing mode and implement least privilege principles for apps

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level: Settings > About phone > Android security patch level. If before October 2021, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows October 2021 or later date.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • USB accessory driver crash logs
  • SELinux denials related to f_accessory.c

Network Indicators:

  • No network indicators - local exploit only

SIEM Query:

No applicable network SIEM query - monitor device logs for kernel crashes or privilege escalation attempts

📊 Metadata

CVE ID: CVE-2021-0936
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: October 25, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0936, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)