Project Zero exposes Pixel 10 root vulnerability via Tensor G5 driver flaw
A newly published exploit chain reveals how a simple memory mapping error in the Pixel 10’s video processing unit driver allows attackers to gain full kernel access, highlighting both improved patching speeds and persistent driver security risks.
Google Project Zero researchers have published a detailed analysis of a 0-click exploit chain capable of gaining root access on the Google Pixel 10. The demonstration utilises an updated version of the Dolby UDC exploit targeting CVE-2025-54957, combined with a newly identified vulnerability within the VPU driver for the Chips&Media Wave677DV silicon found in the Tensor G5 chip. This chain effectively bridges the gap from a zero-click context to full kernel privileges, marking a significant development in Android security research.
The researchers noted that while the Dolby vulnerability existed across all Android versions until patched in January 2026, adapting the local privilege escalation component from their previous Pixel 9 chain was not feasible. The BigWave driver used in the earlier exploit does not ship on the Pixel 10. Instead, the team identified a new driver visible in the mediacodec SELinux context at /dev/vpu, which interacts with the Chips&Media Wave677DV silicon designed for accelerating video decoding.
A critical flaw was discovered in how this VPU driver handles memory mapping. Unlike older Chips&Media chips that integrate with the Video for Linux API, the Pixel 10 driver directly exposes the chip’s hardware interface to userspace. The researchers found that the mmap handler, intended to map the VPU’s MMIO register region, relied solely on the size of the virtual memory area rather than being bounded by the actual register region size. This unbounded handler allowed userspace to map arbitrary physical memory, including the kernel image, by specifying a size larger than the register region in an mmap syscall.
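The bounds problem described above, modelled as an added example in plain userspace C (not the driver's or Project Zero's code): `vulnerable_mmap_len` reproduces a handler that takes its mapping length from the VMA alone, and `hardened_mmap_len` shows the checks a register-window mmap handler needs. The `mmio_region` struct, the `VPU_REGS` sample window and all function names are assumptions for illustration only.

```c
#include <stdint.h>
#include <errno.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  ((uint64_t)1 << PAGE_SHIFT)

/* A hypothetical MMIO register window: physical base and size in bytes. */
struct mmio_region {
    uint64_t phys_base;
    uint64_t size;
};

/* Constructed sample window (not the real Wave677DV register layout). */
static const struct mmio_region VPU_REGS = { 0x1a000000ULL, 0x10000ULL };

/* Models the flaw the page describes: the mapping length is taken from the
 * VMA alone, so a caller asking for more than the window is granted more. */
static int64_t vulnerable_mmap_len(const struct mmio_region *reg,
                                   uint64_t vma_start, uint64_t vma_end)
{
    (void)reg;                       /* window size is never consulted */
    return (int64_t)(vma_end - vma_start);
}

/* Hardened variant: the length must be non-zero and page aligned, the page
 * offset must not wrap when shifted, and offset + length must stay inside
 * the register window. Returns the length to map or -EINVAL. */
static int64_t hardened_mmap_len(const struct mmio_region *reg,
                                 uint64_t vma_start, uint64_t vma_end,
                                 uint64_t vm_pgoff)
{
    uint64_t len = vma_end - vma_start;
    uint64_t off;

    if (vma_end <= vma_start || (len & (PAGE_SIZE - 1)))
        return -EINVAL;
    if (vm_pgoff > (reg->size >> PAGE_SHIFT))      /* shift would overflow */
        return -EINVAL;
    off = vm_pgoff << PAGE_SHIFT;                  /* off <= reg->size here */
    if (len > reg->size - off)
        return -EINVAL;
    return (int64_t)len;
}

/* Bytes of [phys, phys+len) lying past the end of the window; 0 if contained. */
static uint64_t mapping_overrun(const struct mmio_region *reg,
                                uint64_t phys, uint64_t len)
{
    uint64_t end = reg->phys_base + reg->size;
    return (phys + len <= end) ? 0 : phys + len - end;
}
```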
The exploit for this specific vulnerability was remarkably efficient, requiring only five lines of code to achieve arbitrary read-write access to kernel memory. Because the kernel is always located at the same physical address on Pixel devices, the researchers could calculate the exact offset of the kernel image relative to the VPU register region without needing to scan for it. The full exploit was developed in less than a day of effort, underscoring the severity of the oversight in the driver's design.
The vulnerability was reported to the Android VRP on November 24, 2025, and was rated as High severity. This represents a positive shift in triage posture, particularly when compared to the BigWave bug used in the Pixel 9 chain, which had an identical security impact but was initially rated as Moderate. The issue was patched 71 days later in the February Pixel security bulletin, marking the first time an Android driver bug reported by the researcher was addressed within 90 days of the vendor being informed.
Despite the rapid patching, the research highlights ongoing systemic risks within Android driver development. Project Zero emphasised that while the swift remediation is a clear improvement, the discovery of such a shallow vulnerability after only two hours of auditing suggests a need for more robust, security-aware code practices. The researchers urged vendors to take a proactive approach to code auditing to prevent similar issues from reaching end-users.
The updated Dolby UDC exploit remains functional only on unpatched devices running the Security Patch Level of December 2025 or earlier. The publication serves as a reminder that while patching pipelines are improving, the underlying security of hardware drivers requires continuous and rigorous scrutiny to ensure a resilient Android ecosystem.