CVE-2021-0920
Published: 15 December 2021
Summary
CVE-2021-0920 is a medium-severity Race Condition (CWE-362) vulnerability in the Linux kernel. Its CVSS base score is 6.4 (Medium).
Operationally, it ranks in the top 23.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-16 (Memory Protection).
Deeper analysis
The vulnerability is a use-after-free condition resulting from a race in the unix_scm_to_skb function of af_unix.c within the Linux kernel used by Android. It is tracked as Android ID A-196926917 and affects the Android kernel; the underlying flaw is also referenced against the upstream kernel. The issue is classified under CWE-362 and CWE-416 with a CVSS 3.1 score of 6.4.
An attacker who already possesses System execution privileges on an affected device can trigger the race condition to achieve further local privilege escalation. No user interaction is required for exploitation.
The November 2021 Android security bulletin addresses the flaw, and corresponding fixes appear in Debian LTS updates. The vulnerability is listed in CISA's catalog of known exploited vulnerabilities, confirming observed exploitation in the wild.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-3539
Vulnerability details
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-196926917
References: Upstream kernel
- CWE(s): CWE-362 (Race Condition), CWE-416 (Use After Free)
- KEV Date Added: 23 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-16 (Memory Protection): Directly enforces memory safety mechanisms that block use-after-free exploitation in kernel structures such as those manipulated by unix_scm_to_skb.
- AC-6 (Least Privilege): Restricts the initial System execution privileges required to trigger the race condition, thereby limiting the attacker's ability to reach the vulnerable code path.
- Patch management: Mandates timely application of the kernel patches released in the November 2021 Android bulletin that eliminate the race condition in af_unix.c.