Cyber Resilience

CVE-2021-0920

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 15 December 2021

Published
15 December 2021
Modified
23 October 2025
KEV Added
23 May 2022
Patch
CVSS Score v3.1 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0091 76.2th percentile
Risk Priority 33 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-0920 is a medium-severity Race Condition (CWE-362) vulnerability in Linux Linux Kernel. Its CVSS base score is 6.4 (Medium).

Operationally, ranked in the top 23.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-16 (Memory Protection).

Deeper analysis

The vulnerability is a use-after-free condition resulting from a race in the unix_scm_to_skb function of af_unix.c within the Linux kernel used by Android. It is tracked as Android ID A-196926917 and affects the Android kernel; the underlying flaw is also referenced against the upstream kernel. The issue is classified under CWE-362 and CWE-416 with a CVSS 3.1 score of 6.4.

An attacker who already possesses System execution privileges on an affected device can trigger the race condition to achieve further local privilege escalation. No user interaction is required for exploitation.

The November 2021 Android security bulletin addresses the flaw, and corresponding fixes appear in Debian LTS updates. The vulnerability is listed in CISA's catalog of known exploited vulnerabilities, confirming observed in-the-wild use.

EU & UK References

Vulnerability details

In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid…

more

ID: A-196926917References: Upstream kernel

CWE(s)
KEV Date Added
23 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

linux
linux kernel
5.14 · ≤ 5.13
google
android
all versions
debian
debian linux
9.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces memory safety mechanisms that block use-after-free exploitation in kernel structures such as those manipulated by unix_scm_to_skb.

prevent

Restricts the initial System execution privileges required to trigger the race condition, thereby limiting the attacker's ability to reach the vulnerable code path.

prevent

Mandates timely application of the kernel patches released in the November 2021 Android bulletin that eliminate the race condition in af_unix.c.

References