CVE-2021-0934 Overview
CVE-2021-0934 is a local denial of service vulnerability in the Android operating system. The flaw resides in the findAllDeAccounts method of AccountsDb.java, a component of the Android Accounts subsystem. The vulnerability stems from uncontrolled resource consumption [CWE-1284], allowing a local actor to exhaust system resources. Exploitation requires only local access with low privileges and no user interaction. Affected releases include Android 10, 11, 12, 12L, and 13. Google tracked the issue internally as A-169762606 and addressed it in the December 2022 Android Security Bulletin.
Critical Impact
A local application can trigger resource exhaustion in the Accounts database handler, producing a denial of service condition on affected Android devices without requiring elevated privileges or user interaction.
Affected Products
- Google Android 10 and Android 11
- Google Android 12 and Android 12L
- Google Android 13
Discovery Timeline
- 2022-12-01 - Fix published in the Android Security Bulletin
- 2022-12-13 - CVE-2021-0934 published to NVD
- 2025-04-22 - Last updated in NVD database
Technical Details for CVE-2021-0934
Vulnerability Analysis
The vulnerability affects the findAllDeAccounts function in AccountsDb.java, which is part of the Android AccountManagerService framework. This function queries the device-encrypted (DE) accounts database and returns account records to callers. The method fails to enforce sufficient bounds on the resources consumed during its operation. A local caller can invoke the code path in a manner that consumes memory or processing resources without limit, leading to a denial of service condition on the affected device.
The issue is categorized as uncontrolled resource consumption [CWE-1284]. Confidentiality and integrity are not impacted, but availability is degraded. The vulnerability does not provide additional execution privileges to the attacker, restricting impact to availability of the Accounts subsystem and, depending on conditions, the broader system.
Root Cause
The root cause is missing or insufficient validation of input parameters or query scope inside findAllDeAccounts. When account records are enumerated, the implementation does not bound the work performed, allowing a caller to drive the operation into a resource exhaustion state. The fix is included in the December 1, 2022 Android security patch level.
Attack Vector
Exploitation requires local access and low privileges, typically granted to a malicious or compromised application installed on the device. The attacker invokes the affected Accounts API path from their application context. No user interaction is required. Successful exploitation degrades availability of the Accounts service and may cascade into broader system unresponsiveness depending on memory pressure.
No public proof-of-concept code is associated with this CVE. See the Android Security Bulletin December 2022 for the official advisory.
Detection Methods for CVE-2021-0934
Indicators of Compromise
- Repeated crashes or restarts of system_server or the Android Accounts service on devices running unpatched Android 10 through 13 builds.
- Anomalous memory or CPU consumption attributed to a third-party application invoking Account Manager APIs at high frequency.
- Application Not Responding (ANR) events tied to account enumeration calls in logcat output.
Detection Strategies
- Inspect installed applications for unexpected use of the GET_ACCOUNTS permission and high-frequency calls to AccountManager APIs.
- Correlate device telemetry from mobile threat defense agents to identify applications producing repeated DoS-like behavior against system services.
- Review Android security patch level (ro.build.version.security_patch) across the fleet and flag devices reporting a level earlier than 2022-12-01.
Monitoring Recommendations
- Enroll Android endpoints in a Mobile Device Management (MDM) platform that reports patch level compliance and application inventory.
- Forward device crash and ANR telemetry to a centralized analytics platform for trend analysis against known DoS patterns.
- Establish alerting for repeated system_server restarts that may indicate active exploitation attempts.
How to Mitigate CVE-2021-0934
Immediate Actions Required
- Apply the December 2022 Android security patch (security patch level 2022-12-01 or later) to all affected devices.
- Audit installed third-party applications and remove any with unjustified use of the GET_ACCOUNTS permission or unknown origin.
- Prioritize patch deployment for devices that cannot be removed from production but hold sensitive workloads.
Patch Information
Google published the fix in the Android Security Bulletin December 2022 under Android ID A-169762606. Device manufacturers ship the corresponding patch as part of their monthly security update rollups. Confirm that the device's reported security patch level is 2022-12-01 or later after the update is applied.
Workarounds
- Restrict installation of untrusted applications by enforcing an allowlist through MDM policy.
- Disable or block sideloading on managed devices to reduce the local attack surface.
- Retire or isolate devices that cannot receive vendor updates to the December 2022 patch level.
# Verify the Android security patch level on a connected device
adb shell getprop ro.build.version.security_patch
# Expected output for remediated devices: 2022-12-01 or later
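A fleet check that covers the Detection Strategies and Patch Information above, added here as an example (it is not code from the Android Security Bulletin or from Google): it classifies each attached device's ro.build.version.security_patch against 2022-12-01 and lists third-party packages granted GET_ACCOUNTS. It assumes adb is on PATH, the devices are authorized for USB debugging, and that dumpsys package prints the "android.permission.GET_ACCOUNTS: granted=true" line in its usual format.

```shell
#!/bin/sh
# Fleet check for CVE-2021-0934 remediation (added example, not from the bulletin).
# Assumes adb is on PATH and attached devices are authorized for USB debugging.
FIXED_LEVEL=2022-12-01   # security patch level that carries the fix (from the bulletin)

# patch_verdict LEVEL -> prints PATCHED, VULNERABLE or UNKNOWN.
# ISO dates compare correctly as integers once the dashes are removed.
patch_verdict() {
  level=$1
  case "$level" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo UNKNOWN; return 0 ;;   # empty or malformed property value
  esac
  lvl=$(printf '%s' "$level" | sed 's/-//g')
  fix=$(printf '%s' "$FIXED_LEVEL" | sed 's/-//g')
  if [ "$lvl" -lt "$fix" ]; then echo VULNERABLE; else echo PATCHED; fi
}

# list_get_accounts_apps SERIAL -> third-party packages granted GET_ACCOUNTS.
# Relies on the "android.permission.GET_ACCOUNTS: granted=true" line that
# `dumpsys package` prints per package (assumed format).
list_get_accounts_apps() {
  adb -s "$1" shell pm list packages -3 | tr -d '\r' | sed 's/^package://' |
  while read -r pkg; do
    [ -n "$pkg" ] || continue
    if adb -s "$1" shell dumpsys package "$pkg" |
       grep -q 'android.permission.GET_ACCOUNTS: granted=true'; then
      echo "$pkg"
    fi
  done
}

# scan_fleet -> one line per attached device: serial, level, verdict, GET_ACCOUNTS apps.
scan_fleet() {
  adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
  while read -r serial; do
    level=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
    verdict=$(patch_verdict "$level")
    apps=$(list_get_accounts_apps "$serial" | tr '\n' ' ')
    printf '%s\t%s\t%s\t%s\n' "$serial" "${level:-<unset>}" "$verdict" "${apps:-<none>}"
  done
}

# Only touch devices when explicitly asked, so the functions can be sourced on their own.
if [ "${1:-}" = "--scan" ]; then
  scan_fleet
fi
```

Run it as `sh fleet_check.sh --scan`; a VULNERABLE verdict or an <unset> level marks a device for the patch or retirement steps listed under Immediate Actions and Workarounds.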
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.