Project Zero ported its Pixel 9 0-click-to-root chain to Pixel 10, replacing the patched BigWave LPE with a trivially exploitable VPU mmap bug found in a 2-hour audit.
Key Takeaways
Porting CVE-2025-54957 (Dolby UDC) to Pixel 10 mainly required offset updates; RET PAC replaced the stack canary, so dap_cpdp_init was used as the overwrite target instead.
The Tensor G5 VPU driver for the Chips&Media Wave677DV exposes raw MMIO to userspace via remap_pfn_range with no size bounds, so a caller can map arbitrary physical memory, including the full kernel image.
The kernel image sits at a fixed physical offset from the VPU MMIO region on Pixel, so no memory scanning is needed; arbitrary kernel read/write was achieved in 5 lines of code.
Bug reported Nov 24 2025 and patched in the February Pixel bulletin – 71 days, the first Android driver bug Project Zero has seen patched inside 90 days.
The VPU driver was written by the same team as BigWave; a shallow audit found a critical flaw 5 months after the BigWave bugs were reported, suggesting no cross-driver security review took place.
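The check that the VPU driver lacked, as an added example that is not Project Zero's or the driver's own code: a hypothetical bounds validator that a raw-MMIO mmap handler would run before calling remap_pfn_range, written so no step can wrap. The window base and size are constructed values; the Wave677DV's real register window and the kernel's PAGE_SHIFT are not given on the page.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>

#define PAGE_SHIFT 12UL                 /* assumed 4 KiB pages */
#define PAGE_SIZE  (1UL << PAGE_SHIFT)

/* One device MMIO window: page-aligned physical base and byte length. */
struct mmio_region {
    unsigned long phys_base;
    unsigned long size;
};

/* Constructed example window: 64 KiB of registers at an invented address. */
const struct mmio_region VPU_REGION_EXAMPLE = { 0x1a000000UL, 0x10000UL };

/*
 * True only when the request (vm_pgoff pages into the window, len bytes)
 * lies entirely inside the window. Every step is wrap-safe: a wrap here is
 * what turns "map the register window" into "map any physical page".
 */
bool mmio_mmap_in_bounds(const struct mmio_region *r, unsigned long pgoff,
                         unsigned long len)
{
    unsigned long off;
    if (len == 0 || len % PAGE_SIZE != 0)
        return false;                   /* vma lengths are whole pages */
    if (r->size == 0 || r->phys_base % PAGE_SIZE != 0)
        return false;                   /* misconfigured window */
    if (pgoff > (ULONG_MAX >> PAGE_SHIFT))
        return false;                   /* pgoff << PAGE_SHIFT would wrap */
    off = pgoff << PAGE_SHIFT;
    if (off >= r->size)
        return false;                   /* start is beyond the window */
    return len <= r->size - off;        /* wrap-safe form of off + len <= size */
}

/*
 * What a hardened handler computes before remap_pfn_range(): the page frame
 * number to hand to it, or -EINVAL. The unbounded pattern described above
 * skips mmio_mmap_in_bounds() and simply adds pgoff to the base frame.
 */
long mmio_request_pfn(const struct mmio_region *r, unsigned long pgoff,
                      unsigned long len)
{
    if (!mmio_mmap_in_bounds(r, pgoff, len))
        return -EINVAL;
    return (long)((r->phys_base >> PAGE_SHIFT) + pgoff);
}
```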
Hacker News Comment Review
Commenters flagged that the original 0-click surface on Pixel 9 was introduced by AI-powered pre-decoding of messages before the user opens them, tying AI feature expansion directly to attack surface growth.
Discussion noted the 90-day patch window as unusually fast for Android but alarming in context: this is the first time an Android driver bug has been fixed within it, which raises concerns about the broader non-Pixel Android ecosystem.
Skepticism surfaced about whether AI tooling materially helps defenders find bugs like this; the VPU flaw was spotted by humans in 2 hours, and the Pixel 9 bug was introduced via AI-generated or AI-adjacent code.
Notable Comments
@jeffbee: Notes that Project Zero must report Android bugs through the VRP front door with standard severity triage rather than internal escalation – structural friction even within Google.
@rjsw: Points out long-pending V4L2 hardware decode support is now mainline; vendors shipping direct MMIO drivers likely did so to avoid waiting for that upstream path.