CVE-2021-0872 – This CVE describes an integer overflow vulnerab... (How to Fix)

Q: What is the severity of CVE-2021-0872?

CVE-2021-0872 has a CVSS score of 7.8 (HIGH). This CVE describes an integer overflow vulnerability in the PowerVR kernel driver for Android devices. It allows local attackers to gain escalated privileges without user interaction, potentially taking full control of affected devices. The vulnerability affects Android devices using PowerVR graphics hardware.

📋 TL;DR

This CVE describes an integer overflow vulnerability in the PowerVR kernel driver for Android devices. It allows local attackers to gain escalated privileges without user interaction, potentially taking full control of affected devices. The vulnerability affects Android devices using PowerVR graphics hardware.

💻 Affected Systems

Products:

Android devices with PowerVR graphics hardware

Versions: Android SoC versions prior to April 2023 security patches

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects devices with PowerVR GPU hardware from Imagination Technologies. Most Android devices use Qualcomm, ARM Mali, or other GPU vendors.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root privileges, allowing installation of persistent malware, data theft, and bypassing all security controls.

🟠

Likely Case

Local privilege escalation enabling attackers to bypass app sandboxing, access sensitive data, and install malicious apps with elevated permissions.

🟢

If Mitigated

Limited impact if SELinux policies restrict kernel access or if the vulnerable driver is not loaded/used.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access to device. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: April 2023 Android Security Bulletin

Vendor Advisory: https://source.android.com/security/bulletin/2023-04-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install April 2023 or later security patch. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable PowerVR driver (if possible)

linux

Prevent loading of vulnerable kernel module

echo 'blacklist pvrsrvkm' >> /etc/modprobe.d/blacklist.conf
rmmod pvrsrvkm

🧯 If You Can't Patch

Restrict physical access to devices and implement strong device management policies
Use Android Enterprise or MDM solutions to enforce security policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If before April 2023, device is vulnerable if it has PowerVR GPU.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows April 2023 or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
SELinux denials related to PowerVR driver
Unexpected privilege escalation attempts

Network Indicators:

None - this is a local exploit

SIEM Query:

source="android_kernel" AND ("pvrsrv" OR "PowerVR") AND ("overflow" OR "OOB" OR "privilege escalation")

📊 Metadata

CVE ID: CVE-2021-0872

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-190

Published: April 19, 2023

Last Updated: February 5, 2025

🔗 References

https://source.android.com/security/bulletin/2023-04-01 Vendor Advisory
https://source.android.com/security/bulletin/2023-04-01 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0872, you might also want to check these: