CVE-2021-0493

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to write beyond allocated memory boundaries in Android's memory management driver, potentially leading to privilege escalation. It affects Android devices using specific System-on-Chip (SoC) implementations. No user interaction is required for exploitation.

💻 Affected Systems

Products:
  • Android devices with specific SoC implementations
Versions: Android SoC versions prior to May 2021 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific Android System-on-Chip implementations; not all Android devices are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise with root privileges, allowing installation of persistent malware, data theft, and bypassing all security controls.

🟠 Likely Case

Local privilege escalation enabling attackers to gain elevated permissions, access sensitive data, or install malicious applications.

🟢 If Mitigated

Limited impact if devices are patched, have SELinux enforcing mode, and follow Android security best practices.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical access or local code execution.
🏢 Internal Only: HIGH - Malicious apps or compromised users can exploit this to gain elevated privileges on affected devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to execute code; no authentication bypass needed once local access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: May 2021 Android Security Bulletin or later

Vendor Advisory: https://source.android.com/security/bulletin/2021-05-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update.
2. Install May 2021 security patch or later.
3. Reboot device after installation.

🔧 Temporary Workarounds

Restrict app installations

Only install apps from trusted sources like Google Play Store to reduce attack surface

Enable Google Play Protect

Ensure Google Play Protect is enabled to detect and block malicious applications

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement application allowlisting to prevent unauthorized app execution

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android security patch level. If it is earlier than May 2021, the device is vulnerable (subject to the SoC note under Affected Systems).

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows May 2021 or later in Settings > About phone > Android security patch level.
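
The patch-level check above can be scripted for several attached devices. This is an added example, not part of the original advisory: the function names and the month-only comparison are assumptions, and OUTDATED only means the patch level predates May 2021 (whether the device is affected still depends on its SoC).

```shell
#!/bin/sh
# Added example, not part of the advisory: classify a device by the value of
# ro.build.version.security_patch against the May 2021 level named above.
# Assumption: only the year and month are compared, because this page states
# the fix level as "May 2021" without a day component.

FIXED_YYYYMM=202105

# classify_patch_level <getprop output> -> prints PATCHED, OUTDATED or UNKNOWN
classify_patch_level() {
    # adb shell output can end in CR/LF; strip all whitespace first.
    cpl_raw=$(printf '%s' "$1" | tr -d '[:space:]')
    # Accept only YYYY-MM-DD; an empty property or error text is UNKNOWN,
    # never silently treated as patched.
    if ! printf '%s\n' "$cpl_raw" |
        grep -Eq '^20[0-9]{2}-(0[1-9]|1[0-2])-[0-3][0-9]$'; then
        echo UNKNOWN
        return 0
    fi
    cpl_year=${cpl_raw%%-*}
    cpl_rest=${cpl_raw#*-}
    cpl_month=${cpl_rest%%-*}
    if [ "${cpl_year}${cpl_month}" -lt "$FIXED_YYYYMM" ]; then
        echo OUTDATED
    else
        echo PATCHED
    fi
}

# Query every device adb lists in the "device" state (requires adb on PATH).
check_attached_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r cad_serial; do
        # </dev/null stops adb from consuming the rest of the serial list.
        cad_level=$(adb -s "$cad_serial" shell getprop \
            ro.build.version.security_patch </dev/null)
        printf '%s\t%s\t%s\n' "$cad_serial" "$cad_level" \
            "$(classify_patch_level "$cad_level")"
    done
}

# Constructed sample values (not captured from real devices).
for sample in "2021-04-05" "2021-05-01" "2023-11-05" "" "error: no devices"; do
    printf '%-20s %s\n' "[$sample]" "$(classify_patch_level "$sample")"
done
```

Call check_attached_devices with devices connected over adb to get one tab-separated line per serial; treat UNKNOWN as needing manual review rather than as patched.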

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Memory corruption errors in dmesg
  • SELinux denials for privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from privileged processes
  • Unexpected privilege escalation patterns

SIEM Query:

source="android_logs" AND ("kernel panic" OR "out of bounds" OR "memory corruption")
