CVE-2021-39668

CVSS base score: 7.8 (HIGH)

📋 TL;DR

Local privilege escalation on Android through an intent redirection flaw in System UI (com.android.systemui), one of the most privileged apps on the device. In an intent redirection, a component accepts an Intent that another app supplies and launches it under its own identity; here that means an untrusted local app can have System UI start a component on its behalf, reaching activities and other components that are not exported to the attacker or that demand permissions it does not hold. Exploitation is local (a malicious app on the device) and needs user interaction. Only Android 11 and 12 are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 11 and 12
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android 11 and 12 builds with a security patch level earlier than 2022-02-01 are vulnerable. Exploitation needs a malicious app on the device and user interaction.

📦 What is this software?

Android is Google's mobile operating system. System UI (package com.android.systemui) is the always-running system app that draws the status bar, notification shade, quick settings, lock screen and recents screen. It is signed with the platform key and holds signature-level and privileged permissions that ordinary apps cannot obtain, which is why anything it can be made to do on another app's behalf is a privilege escalation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An untrusted app gets System UI to start activities or deliver intents under System UI's identity and permissions. That reaches non-exported or permission-protected components of other system apps and, depending on what is reachable, can expose sensitive user data, install apps or change system settings. The bug on its own is not code execution as System UI or root; a full device compromise would require chaining it with a second flaw.

🟠

Likely Case

Limited privilege escalation: a malicious app reaches a handful of protected system components or user data that its own permissions would not allow.

🟢

If Mitigated

No impact if patched or if user avoids installing malicious apps and granting unnecessary permissions.

🌐 Internet-Facing: LOW - Requires local access and user interaction, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with physical access to device.

🎯 Exploit Status

Public PoC: No
Weaponized: Unknown
Unauthenticated Exploit: No (needs a local app and user interaction)
Complexity: MEDIUM

Requires user interaction and a malicious app on the device to trigger the intent redirection. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2022-02-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/2022-02-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install the update carrying Android Security Patch Level 2022-02-01 or later.
3. Restart the device after installation (OTA updates do not take effect until reboot).

🔧 Temporary Workarounds

Disable unknown sources

android

Prevent installation of apps from unknown sources to reduce the chance of a malicious app reaching the device. This does not fix the flaw and does not help against an app that is already installed or that arrives through an app store.

Settings > Apps > Special app access > Install unknown apps (stock Android 12; on Android 11 it is under Settings > Apps & notifications > Special app access; OEM menus vary) > turn the toggle off for every listed app

Review app permissions

android

Regularly review and restrict app permissions, especially for less trusted apps. Note that permissions do not gate this bug (an app needs no special permission to send an Intent to an exported component), so this only limits what else a malicious app can do once on the device.

Settings > Apps > [App Name] > Permissions

🧯 If You Can't Patch

  • Restrict installation of new apps and only use trusted sources such as the Google Play Store
  • Implement mobile device management (MDM) policies to control app installations and permissions; on Android Enterprise, apply the DISALLOW_INSTALL_UNKNOWN_SOURCES user restriction and an app allowlist through managed Google Play
  • Treat the workaround as a stopgap: the flaw is in System UI itself, and only the 2022-02-01 patch level removes it

🔍 How to Verify

Check if Vulnerable:

Settings > About phone > Android version shows the release (11 or 12 is in scope) and, on the same screen, the Android security update (patch level). From a workstation with USB debugging enabled: `adb shell getprop ro.build.version.release` and `adb shell getprop ro.build.version.security_patch`.

Check Version:

Settings > About phone > Android version, or `adb shell getprop ro.build.version.release`

Verify Fix Applied:

Verify that the security patch level is 2022-02-01 or later in Settings > About phone > Android security update (or `adb shell getprop ro.build.version.security_patch`). The value is a YYYY-MM-DD string, so it compares as a date; an OEM build that reports an earlier level has not declared the fix as included, whatever the firmware build date says.
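The check above, scripted. This is an added example, not tooling from the advisory or from Android: it reads the two public ro.build.version.* properties over adb and classifies the device. It assumes `adb` is on PATH with one device attached and USB debugging enabled; the function names and the sample values in the test are constructed.

```python
"""Classify an attached Android device against the CVE-2021-39668 fix
(Android 11/12, security patch level 2022-02-01 or later).

Added example; not part of the advisory. Assumes `adb` is on PATH and
exactly one device is attached with USB debugging enabled.
"""
import subprocess
from datetime import date

FIXED_PATCH_LEVEL = date(2022, 2, 1)   # first patch level that includes the fix
AFFECTED_RELEASES = {"11", "12"}       # releases the bulletin lists as affected


def parse_patch_level(value: str) -> date:
    """ro.build.version.security_patch is YYYY-MM-DD; anything else raises ValueError."""
    year, month, day = (int(part) for part in value.strip().split("-"))
    return date(year, month, day)


def assess(release: str, patch_level: str) -> str:
    """Return "not-affected", "fixed", "vulnerable" or "unknown".

    release:     value of ro.build.version.release, e.g. "12" or "11"
    patch_level: value of ro.build.version.security_patch, e.g. "2022-02-05"
    """
    # Some builds report "11.0.1"; only the major version matters here.
    major = release.strip().split(".")[0]
    if major not in AFFECTED_RELEASES:
        return "not-affected"
    try:
        level = parse_patch_level(patch_level)
    except ValueError:
        # Property missing or malformed: do not guess, report it as unverified.
        return "unknown"
    return "fixed" if level >= FIXED_PATCH_LEVEL else "vulnerable"


def getprop(name: str) -> str:
    """Read one system property from the attached device (needs adb)."""
    result = subprocess.run(["adb", "shell", "getprop", name],
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


def check_attached_device() -> str:
    """Query the device and print a one-line verdict; returns the verdict."""
    release = getprop("ro.build.version.release")
    patch = getprop("ro.build.version.security_patch")
    verdict = assess(release, patch)
    print(f"Android {release}, security patch level {patch}: {verdict}")
    return verdict


if __name__ == "__main__":
    check_attached_device()
```

The date comparison is done on a parsed date rather than on the raw string so that a malformed or missing property is reported as "unknown" instead of silently sorting as "vulnerable" or "fixed"; in a fleet script, "unknown" devices are the ones to inspect by hand.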

📡 Detection & Monitoring

Log Indicators:

  • Intent redirection is a logic flaw: nothing crashes and no file is dropped. The only system-side trace is the activity-start record in logcat (tag ActivityTaskManager, or ActivityManager on older builds): `START u0 {... cmp=<package>/<activity>} from uid <uid>`. Starts whose calling uid is System UI's but whose target component lies outside the set System UI normally launches are the signal. Build the baseline per device model, because legitimate targets vary by OEM.
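A detector for that log pattern, as an added example that is not from the advisory. It is a generic heuristic for intent-redirection abuse on Android, not a signature for this CVE: it parses logcat activity-start lines and flags those attributed to System UI's uid whose target package is outside a baseline. The uid value, the baseline set and the log lines are constructed for illustration; obtain the real uid with `adb shell dumpsys package com.android.systemui` (the `userId=` field).

```python
"""Flag activity starts attributed to System UI whose target is outside
System UI's usual set of targets. Added example, not advisory content.
"""
import re
import subprocess
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumption for this example: System UI's app uid on the device under test.
# Real value: adb shell dumpsys package com.android.systemui | grep userId=
SYSTEMUI_UID = 10034

# Packages System UI is expected to start on its own. Tune per device/OEM.
BASELINE_TARGETS = {"com.android.systemui", "com.android.settings"}

# Android 10+ logs starts under ActivityTaskManager; older builds under ActivityManager.
START_RE = re.compile(
    r"(?:ActivityTaskManager|ActivityManager): START u(?P<user>\d+) "
    r"\{(?P<intent>[^}]*)\} from uid (?P<uid>\d+)"
)
CMP_RE = re.compile(r"\bcmp=(?P<cmp>\S+)")


@dataclass
class ActivityStart:
    uid: int                   # calling uid recorded by the activity manager
    component: Optional[str]   # "package/activity" if the intent was explicit


def parse_start(line: str) -> Optional[ActivityStart]:
    """Return the start record in a logcat line, or None for other lines."""
    m = START_RE.search(line)
    if m is None:
        return None
    cmp_m = CMP_RE.search(m.group("intent"))
    return ActivityStart(int(m.group("uid")), cmp_m.group("cmp") if cmp_m else None)


def target_package(component: str) -> str:
    """cmp= values look like pkg/.Activity or pkg/pkg.Activity."""
    return component.split("/", 1)[0]


def suspicious_starts(lines: Iterable[str], systemui_uid: int = SYSTEMUI_UID,
                      baseline: set = BASELINE_TARGETS) -> List[str]:
    """Components started under System UI's uid that are not in the baseline."""
    flagged = []
    for line in lines:
        start = parse_start(line)
        if start is None or start.uid != systemui_uid or start.component is None:
            continue
        if target_package(start.component) not in baseline:
            flagged.append(start.component)
    return flagged


# Constructed logcat lines (not real captures). Lines 1-2 are ordinary System UI
# behaviour, line 3 is the kind of start this heuristic is after, line 4 comes
# from a different uid and is ignored.
SAMPLE_LOGCAT = [
    "02-01 09:14:05.301  1402  1551 I ActivityTaskManager: START u0 "
    "{act=android.settings.SETTINGS flg=0x10000000 cmp=com.android.settings/.Settings} from uid 10034",
    "02-01 09:14:09.120  1402  1551 I ActivityTaskManager: START u0 "
    "{cmp=com.android.systemui/.usb.UsbDebuggingActivity (has extras)} from uid 10034",
    "02-01 09:15:40.882  1402  1551 I ActivityTaskManager: START u0 "
    "{cmp=com.example.bank/.internal.ExportActivity (has extras)} from uid 10034",
    "02-01 09:15:41.004  1402  1551 I ActivityTaskManager: START u0 "
    "{act=android.intent.action.VIEW dat=https://example.com/ cmp=com.android.chrome/"
    "com.google.android.apps.chrome.Main} from uid 10212",
]


def scan_attached_device() -> List[str]:
    """Run the heuristic over the device's current logcat buffer (needs adb)."""
    out = subprocess.run(["adb", "logcat", "-d"], capture_output=True, text=True, check=True)
    return suspicious_starts(out.stdout.splitlines())


if __name__ == "__main__":
    for component in suspicious_starts(SAMPLE_LOGCAT):
        print("suspicious start under System UI uid:", component)
```

Expect false positives until the baseline is tuned: System UI legitimately launches several OEM-specific targets, and notification taps may be attributed differently depending on how the PendingIntent was created, so treat a hit as a lead to correlate with the package that was in the foreground, not as a verdict.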

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for typical Android deployments, where logcat never leaves the device. If an MDM or EDR agent does forward device logs, alert on activity starts attributed to System UI's uid whose target package is outside the per-model baseline.

🔗 References

  • Android Security Bulletin, February 2022: https://source.android.com/security/bulletin/2022-02-01
  • NVD entry for CVE-2021-39668: https://nvd.nist.gov/vuln/detail/CVE-2021-39668
