Login Sign Up

CVE-2021-0881

7.8 HIGH

📋 TL;DR

This CVE describes an integer overflow vulnerability in the PowerVR kernel driver for Android devices. It allows local attackers to gain escalated privileges without user interaction, potentially taking full control of affected devices. The vulnerability affects Android devices using specific PowerVR GPU hardware.

💻 Affected Systems

Products:
  • Android devices with PowerVR GPU hardware
Versions: Android versions with vulnerable PowerVR kernel driver (specific versions not detailed in CVE)
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Android System-on-Chip (SoC) implementations using PowerVR graphics. Requires specific hardware/driver combination.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root/kernel-level access, allowing installation of persistent malware, data theft, and bypassing of all security controls.

🟠

Likely Case

Local privilege escalation enabling attackers to bypass app sandboxing, access sensitive data, and install malicious apps with elevated permissions.

🟢

If Mitigated

Limited impact if devices are patched, have SELinux enforcing mode, and follow principle of least privilege for apps.

🌐 Internet-Facing: LOW (requires local access to device, not directly exploitable over network)
🏢 Internal Only: HIGH (malicious apps or users with physical access can exploit locally)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to execute code on device. Kernel driver vulnerabilities typically require some technical sophistication to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security updates from April 2023 onward

Vendor Advisory: https://source.android.com/security/bulletin/2023-04-01

Restart Required: Yes

Instructions:

1. Check for Android security updates in device settings. 2. Install April 2023 or later security patch. 3. Reboot device after installation. 4. Verify patch level in About Phone settings.

🔧 Temporary Workarounds

Restrict app permissions

android

Limit app installations to trusted sources and review app permissions to reduce attack surface

Enable Google Play Protect

android

Ensure Google Play Protect is active to detect potentially harmful apps

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict app installation policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About Phone > Android version. If before April 2023, device may be vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows April 2023 or later date in About Phone settings.

📡 Detection & Monitoring

Log Indicators:

  • Kernel crash logs
  • SELinux denials related to PowerVR driver
  • Unexpected privilege escalation attempts

Network Indicators:

  • None (local exploit only)

SIEM Query:

Look for kernel panic events or SELinux audit logs containing 'PVRSRV' or 'RGX' strings

📊 Metadata

CVE ID: CVE-2021-0881
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-190
Published: April 19, 2023
Last Updated: February 5, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0881, you might also want to check these:

CVE-2025-64721 10.0

This vulnerability in Sandboxie allows sandboxed processes to exploit an integer overflow in the Sbi...

Same vulnerability type (CWE-190)
CVE-2025-52581 9.8

An integer overflow vulnerability in libbiosig's GDF file parsing allows arbitrary code execution wh...

Same vulnerability type (CWE-190)
CVE-2025-53518 9.8

An integer overflow vulnerability in libbiosig's ABF file parser allows arbitrary code execution whe...

Same vulnerability type (CWE-190)