Login Sign Up

CVE-2021-0984

7.8 HIGH

📋 TL;DR

This vulnerability in Android 12 allows local privilege escalation without user interaction. An incorrectly unbound service in ManagedServices.java enables permission bypass, potentially letting attackers gain elevated privileges on affected devices. Only Android 12 devices are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 12
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android 12. Pixel devices received patches in December 2021 security updates. Other manufacturers may have different patch timelines.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to execute arbitrary code with system privileges, access sensitive data, or install persistent malware.

🟠

Likely Case

Local attackers gaining elevated privileges to access protected system resources or user data they shouldn't have access to.

🟢

If Mitigated

Limited impact if devices are fully patched and have proper security controls like verified boot and app sandboxing.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or users with local access could exploit this to escalate privileges on affected devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to device. No user interaction needed but attacker needs some level of initial access to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android 12 with December 2021 security patch level or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2021-12-01

Restart Required: Yes

Instructions:

1. Check Android version and security patch level in Settings > About phone. 2. If on Android 12 with patch level before December 2021, install latest security update via Settings > System > System update. 3. Reboot device after update completes.

🔧 Temporary Workarounds

Disable unnecessary services

android

Reduce attack surface by disabling unused system services and permissions

Restrict app installations

android

Only install apps from trusted sources and review app permissions carefully

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict app installation policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Android version (must be 12) and security patch level (must be before December 2021) in Settings > About phone

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows December 2021 or later in Settings > About phone

📡 Detection & Monitoring

Log Indicators:

  • Unusual service binding/unbinding events in system logs
  • Permission escalation attempts in security logs

Network Indicators:

  • Not applicable - local exploit only

SIEM Query:

Not applicable for typical enterprise SIEM as this is local device exploit

📊 Metadata

CVE ID: CVE-2021-0984
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-404
Published: December 15, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0984, you might also want to check these:

CVE-2025-38385 7.8

This CVE describes a kernel warning triggered during USB device disconnection in the Linux kernel's ...

Same vulnerability type (CWE-404)
CVE-2022-23033 7.8

This Xen hypervisor vulnerability on ARM systems allows guest virtual machines to retain access to m...

Same vulnerability type (CWE-404)
CVE-2021-1098 7.8

NVIDIA vGPU software has a resource management vulnerability where the Virtual GPU Manager fails to ...

Same vulnerability type (CWE-404)