Login Sign Up

CVE-2024-27221

7.8 HIGH

📋 TL;DR

CVE-2024-27221 is an out-of-bounds write vulnerability in Android's update_policy_data function that allows local privilege escalation without user interaction. This affects Android devices, particularly Google Pixel phones, enabling attackers to gain elevated system privileges from a standard user context.

💻 Affected Systems

Products:
  • Google Pixel phones
  • Android devices with affected kernel
Versions: Android versions prior to March 2024 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects devices using the vulnerable kernel component; Pixel devices are confirmed affected.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root/system-level access, allowing installation of persistent malware, data theft, and bypassing all security controls.

🟠

Likely Case

Local privilege escalation to gain elevated permissions for data access, surveillance, or further exploitation within the device.

🟢

If Mitigated

Limited impact with proper patch management and security controls preventing unauthorized local access.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the device.
🏢 Internal Only: HIGH - Malicious apps or users with physical/network access to devices can exploit this without additional privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access but no user interaction; technical exploitation requires understanding of kernel memory layout.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2024 Android security patch level

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2024-03-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update. 2. Install March 2024 security patch. 3. Reboot device after installation.

🔧 Temporary Workarounds

Restrict local access

all

Limit physical and network access to vulnerable devices to reduce attack surface

App isolation

android

Use Android's app sandboxing and permission controls to limit potential damage

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and data
  • Implement strict application allowlisting and monitor for suspicious privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > Android version > Android security update level. If before March 2024, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security update level shows March 2024 or later in Settings > About phone

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected privilege escalation in audit logs
  • SELinux/AVC denials related to kernel operations

Network Indicators:

  • Unusual outbound connections from system processes
  • Unexpected network activity from elevated contexts

SIEM Query:

source="android_logs" AND (event="kernel_panic" OR event="privilege_escalation")

📊 Metadata

CVE ID: CVE-2024-27221
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: March 11, 2024
Last Updated: April 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27221, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)