{"api_version":"1","generated_at":"2026-04-23T01:19:11+00:00","cve":"CVE-2021-0468","urls":{"html":"https://cve.report/CVE-2021-0468","api":"https://cve.report/api/cve/CVE-2021-0468.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-0468","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-0468"},"summary":{"title":"CVE-2021-0468","description":"In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-180427272","state":"PUBLIC","assigner":"security@android.com","published_at":"2021-04-13 19:15:00","updated_at":"2022-07-12 17:42:00"},"problem_types":["CWE-1188"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/2021-04-01","name":"https://source.android.com/security/bulletin/2021-04-01","refsource":"MISC","tags":[],"title":"Android Security Bulletin—April 2021  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-0468","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-0468","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"468","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-0468","qid":"610331","title":"Google Android Devices April 2021 Security Patch Missing"},{"cve":"CVE-2021-0468","qid":"610340","title":"Google Android May 2021 Security Patch Missing for Samsung"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-0468","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android SoC"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Elevation of privilege"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/2021-04-01","url":"https://source.android.com/security/bulletin/2021-04-01"}]},"description":{"description_data":[{"lang":"eng","value":"In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-180427272"}]}},"nvd":{"publishedDate":"2021-04-13 19:15:00","lastModifiedDate":"2022-07-12 17:42:00","problem_types":["CWE-1188"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.6,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.7,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.4},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"468","Ordinal":"190170","Title":"CVE-2021-0468","CVE":"CVE-2021-0468","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"468","Ordinal":"1","NoteData":"In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-180427272","Type":"Description","Title":null},{"CveYear":"2021","CveId":"468","Ordinal":"2","NoteData":"2021-04-13","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"468","Ordinal":"3","NoteData":"2021-04-13","Type":"Other","Title":"Modified"}]}}}