Android 12 Security Release Notes

Published September 20, 2021

This Android Security Release Notes contains details of security vulnerabilities affecting Android devices which are addressed as part of Android 12. Android 12 devices with a security patch level of 2021-10-01 or later are protected against these issues (Android 12, as released on AOSP, will have a default security patch level of 2021-10-01). To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues prior to publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository as part of the Android 12 release.

The severity assessment of issues in these release notes are based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

Announcements

  • The issues described in this document are addressed as part of Android 12. This information is provided for reference and transparency.
  • We would like to acknowledge and thank the security research community for their continued contributions towards securing the Android ecosystem.

Android and Google service mitigations

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

  • Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
  • The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

Android 12 vulnerability details

The sections below provide details for security vulnerabilities fixed as part of Android 12. Vulnerabilities are grouped under the component that they affect and include details such as the CVE, associated references, type of vulnerability, and severity.

Android TV

CVE References Type Severity
CVE-2021-0825 A-174493596 EoP Moderate
CVE-2021-0828 A-174046975 EoP Moderate

Android runtime

CVE References Type Severity
CVE-2021-0808 A-178822800 EoP Moderate
CVE-2021-0809 A-178822418 EoP Moderate
CVE-2021-0810 A-178821065 EoP Moderate
CVE-2021-0811 A-178802681 EoP Moderate

Framework

CVE References Type Severity
CVE-2020-27059 A-159249069 EoP High
CVE-2021-0440 A-175319005 EoP High
CVE-2021-0737 A-188909109 EoP High
CVE-2021-0748 A-187043377 EoP High
CVE-2021-0749 A-186776724 EoP High
CVE-2021-0750 A-186530450 EoP High
CVE-2021-0762 A-184972789 EoP High
CVE-2021-0856 A-146211400 EoP High
CVE-2021-0862 A-129698226 EoP High
CVE-2021-0868 A-190732424 EoP High
CVE-2021-0845 A-166668654 ID High
CVE-2021-0858 A-141467028 ID High
CVE-2021-0709 A-194540462 EoP Moderate
CVE-2021-0726 A-190396251 EoP Moderate
CVE-2021-0727 A-190343571 EoP Moderate
CVE-2021-0736 A-188908756 EoP Moderate
CVE-2021-0774 A-184203058 EoP Moderate
CVE-2021-0775 A-184196278 EoP Moderate
CVE-2021-0777 A-183794515 EoP Moderate
CVE-2021-0786 A-181588735 EoP Moderate
CVE-2021-0788 A-181148088 EoP Moderate
CVE-2021-0790 A-180940063 EoP Moderate
CVE-2021-0815 A-177239818 EoP Moderate
CVE-2021-0826 A-174243774 EoP Moderate
CVE-2021-0830 A-173721846 EoP Moderate
CVE-2021-0849 A-160153281 EoP Moderate
CVE-2021-0860 A-137274359 EoP Moderate
CVE-2021-0864 A-115385786 EoP Moderate
CVE-2019-9428 A-110150807 ID Moderate
CVE-2021-0715 A-193032972 ID Moderate
CVE-2021-0718 A-191382775 ID Moderate
CVE-2021-0719 A-191307066 ID Moderate
CVE-2021-0723 A-191057499 ID Moderate
CVE-2021-0728 A-189862446 ID Moderate
CVE-2021-0729 A-189858116 ID Moderate
CVE-2021-0731 A-189122545 ID Moderate
CVE-2021-0732 A-189122544 ID Moderate
CVE-2021-0733 A-189122913 ID Moderate
CVE-2021-0738 A-188802680 ID Moderate
CVE-2021-0740 A-188420350 ID Moderate
CVE-2021-0741 A-188420344 ID Moderate
CVE-2021-0742 A-188218313 ID Moderate
CVE-2021-0744 A-187725457 ID Moderate
CVE-2021-0746 A-187043716 ID Moderate
CVE-2021-0747 A-187043444 ID Moderate
CVE-2021-0751 A-186113473 ID Moderate
CVE-2021-0752 A-186113411 ID Moderate
CVE-2021-0757 A-185513355 ID Moderate
CVE-2021-0760 A-185125569 ID Moderate
CVE-2021-0761 A-185124942 ID Moderate
CVE-2021-0763 A-184948790 ID Moderate
CVE-2021-0764 A-184851975 ID Moderate
CVE-2021-0765 A-184851840 ID Moderate
CVE-2021-0768 A-184745431 ID Moderate
CVE-2021-0770 A-184525740 ID Moderate
CVE-2021-0771 A-184525395 ID Moderate
CVE-2021-0772 A-184525389 ID Moderate
CVE-2021-0783 A-183122164 ID Moderate
CVE-2021-0784 A-183121510 ID Moderate
CVE-2021-0789 A-181012686 ID Moderate
CVE-2021-0800 A-180417374 ID Moderate
CVE-2021-0801 A-180104057 ID Moderate
CVE-2021-0803 A-179699353 ID Moderate
CVE-2021-0806 A-179047203 ID Moderate
CVE-2021-0807 A-179047153 ID Moderate
CVE-2021-0829 A-173806402 ID Moderate
CVE-2021-0836 A-170644642 ID Moderate
CVE-2021-0853 A-154917065 ID Moderate
CVE-2021-0863 A-118188362 ID Moderate
CVE-2021-0866 A-184658476 ID Moderate

Library

CVE References Type Severity
CVE-2020-15888 A-162128313 EoP Moderate
CVE-2021-0720 A-191303307 ID Moderate

Media Framework

CVE References Type Severity
CVE-2021-0865 A-63104719 EoP High
CVE-2021-0847 A-162602757 RCE Moderate
CVE-2021-0713 A-193034636 EoP Moderate
CVE-2021-0714 A-193034447 EoP Moderate
CVE-2021-0716 A-191597651 EoP Moderate
CVE-2021-0754 A-185796676 EoP Moderate
CVE-2021-0767 A-184845897 EoP Moderate
CVE-2021-0855 A-150226265 EoP Moderate
CVE-2020-0127 A-140054506 ID Moderate
CVE-2021-0560 A-177433559 ID Moderate
CVE-2021-0758 A-185394935 ID Moderate
CVE-2021-0773 A-184430260 ID Moderate
CVE-2021-0787 A-181155583 ID Moderate
CVE-2021-0793 A-180800849 ID Moderate
CVE-2021-0794 A-180505809 ID Moderate
CVE-2021-0814 A-177617358 ID Moderate
CVE-2021-0821 A-176098418 ID Moderate
CVE-2021-0848 A-160187491 ID Moderate
CVE-2021-0813 A-177699292 DoS Moderate
CVE-2021-0835 A-171069556 DoS Moderate
CVE-2021-0839 A-170374298 DoS Moderate

System

CVE References Type Severity
CVE-2021-0739 A-188673156 RCE Critical
CVE-2021-0802 A-179998316 RCE Critical
CVE-2021-0766 A-184850593 EoP High
CVE-2021-0782 A-183407347 EoP High
CVE-2021-0850 A-159021520 EoP High
CVE-2021-0724 A-191051260 ID High
CVE-2021-0851 A-157233955 ID High
CVE-2021-0859 A-137733370 ID High
CVE-2021-0861 A-131355925 ID High
CVE-2021-0857 A-145826745 RCE Moderate
CVE-2020-0436 A-159371107 EoP Moderate
CVE-2021-0710 A-194340135 EoP Moderate
CVE-2021-0722 A-191174082 EoP Moderate
CVE-2021-0730 A-189332346 EoP Moderate
CVE-2021-0743 A-188041356 EoP Moderate
CVE-2021-0759 A-185191546 EoP Moderate
CVE-2021-0776 A-183954797 EoP Moderate
CVE-2021-0778 A-183710549 EoP Moderate
CVE-2021-0781 A-183407956 EoP Moderate
CVE-2021-0785 A-182283321 EoP Moderate
CVE-2021-0805 A-179047632 EoP Moderate
CVE-2021-0837 A-170643285 EoP Moderate
CVE-2021-0841 A-170309116 EoP Moderate
CVE-2021-0842 A-169851269 EoP Moderate
CVE-2021-0843 A-168903827 EoP Moderate
CVE-2021-0711 A-193436376 ID Moderate
CVE-2021-0712 A-193434069 ID Moderate
CVE-2021-0717 A-191487797 ID Moderate
CVE-2021-0721 A-191276693 ID Moderate
CVE-2021-0725 A-190619620 ID Moderate
CVE-2021-0745 A-187709482 ID Moderate
CVE-2021-0753 A-186006753 ID Moderate
CVE-2021-0755 A-185591473 ID Moderate
CVE-2021-0756 A-185513628 ID Moderate
CVE-2021-0779 A-183633542 ID Moderate
CVE-2021-0780 A-183410189 ID Moderate
CVE-2021-0791 A-180939433 ID Moderate
CVE-2021-0792 A-180938364 ID Moderate
CVE-2021-0795 A-180422331 ID Moderate
CVE-2021-0812 A-178189576 ID Moderate
CVE-2021-0817 A-176582502 ID Moderate
CVE-2021-0818 A-176446340 ID Moderate
CVE-2021-0819 A-176203800 ID Moderate
CVE-2021-0820 A-176168040 ID Moderate
CVE-2021-0823 A-174573778 ID Moderate
CVE-2021-0827 A-174151290 ID Moderate
CVE-2021-0831 A-173122149 ID Moderate
CVE-2021-0832 A-172839851 ID Moderate
CVE-2021-0834 A-172670679 ID Moderate
CVE-2021-0838 A-170491114 ID Moderate
CVE-2021-0840 A-170309700 ID Moderate
CVE-2021-0844 A-168712382 ID Moderate
CVE-2021-0852 A-156096455 ID Moderate
CVE-2021-0854 A-154501976 ID Moderate
CVE-2021-0890 A-190757775 ID Moderate
CVE-2021-0796 A-180421437 DoS Moderate
CVE-2021-0797 A-180421044 DoS Moderate
CVE-2021-0798 A-180421035 DoS Moderate
CVE-2021-0804 A-179162240 DoS Moderate
CVE-2021-0816 A-177047996 DoS Moderate
CVE-2021-0822 A-175895723 DoS Moderate
CVE-2021-0824 A-174495119 DoS Moderate
CVE-2021-0886 A-182163258 DoS Moderate

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

To learn how to check a device's security patch level, see Check and update your Android version.

Android 12, as released on AOSP, has a default security patch level of 2021-10-01. Android devices running Android 12 and with a security patch level of 2021-10-01 or later address all issues contained in these security release notes.

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

Abbreviation Definition
RCE Remote code execution
EoP Elevation of privilege
ID Information disclosure
DoS Denial of service
N/A Classification not available

3. What do the entries in the References column mean?

Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

Prefix Reference
A- Android bug ID

Versions

Version Date Notes
1.0 September 20, 2021 Security Release Notes published