CVE-2021-0956 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2021-0956?

CVE-2021-0956 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code on affected Android devices via NFC communication without user interaction. It affects Android 11 and 12 devices with NFC hardware enabled. The out-of-bounds write in the NFC stack could lead to privilege escalation.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected Android devices via NFC communication without user interaction. It affects Android 11 and 12 devices with NFC hardware enabled. The out-of-bounds write in the NFC stack could lead to privilege escalation.

💻 Affected Systems

Products:

Android

Versions: Android 11, Android 12

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Requires NFC hardware and NFC functionality to be enabled. Devices without NFC hardware are not affected.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to install malware, steal data, or gain persistent access to the device.

🟠

Likely Case

Remote code execution leading to data theft, surveillance, or device takeover when NFC is enabled and in proximity to malicious NFC tags.

🟢

If Mitigated

Limited impact if NFC is disabled or device is not in proximity to malicious NFC sources.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires proximity to malicious NFC tag/reader. No authentication needed for initial attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin December 2021 patches

Vendor Advisory: https://source.android.com/security/bulletin/2021-12-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update. 2. Install Android Security Patch Level December 2021 or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable NFC

android

Turn off NFC functionality to prevent exploitation via malicious NFC tags

Settings > Connected devices > Connection preferences > NFC > Toggle OFF

🧯 If You Can't Patch

Disable NFC functionality completely in device settings
Restrict physical access to devices and avoid unknown NFC sources

🔍 How to Verify

Check if Vulnerable:

Check Android version in Settings > About phone > Android version. If version is 11 or 12 with patch level before December 2021, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android Security Patch Level is December 2021 or later in Settings > About phone > Android security update

📡 Detection & Monitoring

Log Indicators:

Unusual NFC activity logs
System crashes in NFC service
Privilege escalation attempts

Network Indicators:

N/A - local proximity attack

SIEM Query:

N/A - primarily physical proximity attack

📊 Metadata

CVE ID: CVE-2021-0956

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: December 15, 2021

Last Updated: November 21, 2024

🔗 References

https://source.android.com/security/bulletin/2021-12-01 Vendor Advisory
https://source.android.com/security/bulletin/2021-12-01 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0956, you might also want to check these: