Login Sign Up

CVE-2021-0180

8.4 HIGH

📋 TL;DR

This vulnerability in Intel HAXM software allows local attackers to cause resource exhaustion, potentially leading to privilege escalation. It affects systems running vulnerable versions of Intel HAXM before 7.6.6. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Intel Hardware Accelerated Execution Manager (HAXM)
Versions: All versions before 7.6.6
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: HAXM is typically used for Android emulation and virtualization acceleration. Systems without HAXM installed are not affected.

📦 What is this software?

Hardware Accelerated Execution Manager by Intel

View all CVEs affecting Hardware Accelerated Execution Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with local access could escalate privileges to gain higher system permissions, potentially compromising the host system.

🟠

Likely Case

Local users could cause denial of service through resource exhaustion or potentially gain elevated privileges on affected systems.

🟢

If Mitigated

With proper access controls limiting local user privileges, impact would be reduced to denial of service at most.

🌐 Internet-Facing: LOW - Requires local access, not remotely exploitable over network.
🏢 Internal Only: HIGH - Local attackers on shared systems or multi-user environments could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of the vulnerability. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.6.6 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00544.html

Restart Required: Yes

Instructions:

1. Download HAXM 7.6.6 or later from Intel's website. 2. Uninstall current HAXM version. 3. Install the updated version. 4. Restart the system.

🔧 Temporary Workarounds

Disable HAXM

all

Remove or disable Intel HAXM if not required for your use case

On Windows: Control Panel > Programs > Uninstall HAXM
On macOS/Linux: Remove HAXM packages

Restrict Local Access

all

Implement strict access controls to limit local user privileges on affected systems

🧯 If You Can't Patch

  • Implement strict user privilege separation and limit local user access to affected systems
  • Monitor system resource usage for unusual consumption patterns indicating potential exploitation

🔍 How to Verify

Check if Vulnerable:

Check HAXM version: On Windows check installed programs list, on macOS/Linux check package manager for HAXM version

Check Version:

Windows: Check Programs and Features. macOS/Linux: Check package manager or run 'haxm-version' if available

Verify Fix Applied:

Verify HAXM version is 7.6.6 or higher after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual resource consumption patterns
  • Multiple failed privilege escalation attempts

Network Indicators:

  • None - local attack only

SIEM Query:

Search for: 'HAXM' AND ('resource exhaustion' OR 'privilege escalation') in system logs

📊 Metadata

CVE ID: CVE-2021-0180
CVSS v3 Score: 8.4 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-400
Published: November 17, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0180, you might also want to check these:

CVE-2024-45166 9.8

UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities due to improper i...

Same vulnerability type (CWE-400)
CVE-2025-61303 9.8

This vulnerability in Hatching Triage Sandbox allows malware samples to evade detection by recursive...

Same vulnerability type (CWE-400)
CVE-2024-39462 9.8

This is a Linux kernel memory corruption vulnerability in the BCM2711 DVP clock driver where array b...

Same vulnerability type (CWE-400)