Login Sign Up

CVE-2021-1048

7.8 HIGH

📋 TL;DR

CVE-2021-1048 is a use-after-free vulnerability in the Android kernel's eventpoll subsystem that allows local privilege escalation. An attacker can exploit this to gain root access on affected Android devices without requiring user interaction. This affects Android devices running vulnerable kernel versions.

💻 Affected Systems

Products:
  • Android
Versions: Android kernel versions prior to November 2021 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Android devices with vulnerable kernel versions. The vulnerability is in the upstream Linux kernel eventpoll subsystem.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root privileges, allowing installation of persistent malware, data theft, and bypassing all security controls.

🟠

Likely Case

Local privilege escalation to root, enabling attackers to install malicious apps, access sensitive data, and modify system settings.

🟢

If Mitigated

Limited impact if devices are patched, but unpatched devices remain fully vulnerable to local attackers.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the device.
🏢 Internal Only: HIGH - Malicious apps or users with physical/network access to devices can exploit this for full system compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the device. The vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level November 2021 or later

Vendor Advisory: https://source.android.com/security/bulletin/2021-11-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install the November 2021 or later security patch. 3. Reboot the device after installation.

🔧 Temporary Workarounds

No effective workarounds

all

This is a kernel-level vulnerability that requires patching. No configuration changes or workarounds can mitigate the vulnerability.

🧯 If You Can't Patch

  • Restrict physical access to devices and implement strict app installation policies
  • Monitor for suspicious privilege escalation attempts and unusual root access patterns

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version > Security patch level. If earlier than November 2021, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows November 2021 or later date in Settings > About phone > Android version > Security patch level.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs, unusual privilege escalation attempts, unexpected root access in system logs

Network Indicators:

  • Unusual outbound connections from device after potential compromise

SIEM Query:

source="android_logs" AND (event_type="privilege_escalation" OR process="su" OR user="root")

📊 Metadata

CVE ID: CVE-2021-1048
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: December 15, 2021
Last Updated: October 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-1048, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)