Critical · Patch available · High confidence · Vulnerabilities · Breaking

Severity rationale: The exploit chain allows for zero-click, full kernel compromise on a flagship device. The simplicity of the VPU driver flaw makes it highly reliable.

Critical Zero-Click Exploit Chain Disclosed for Pixel 10 VPU Driver

Google · Pixel 10 · CVE-2025-54957

Researchers have demonstrated a zero-click exploit chain on the Pixel 10 that gives an attacker full control of the device with no user interaction. The chain's final link is a flaw in the video processing unit (VPU) driver that lets a process with access to the driver map the device's kernel memory into its own address space. Google patched the VPU flaw in the February 2026 update; organizations should ensure Pixel 10 devices are updated immediately to mitigate this risk.

By CyberBrief AI Desk · Jun 30, 2026 · 4 min read · Last updated Jun 30, 2026 · Reviewed Jun 30, 2026

Key Facts

Vendor: Google
Product: Pixel 10
CVE: CVE-2025-54957 (the Dolby flaw used for initial entry; no separate identifier is given for the VPU driver flaw)
CVSS: 9.8
Exploitation: Proof-of-concept only
Affected versions: Google Pixel 10 (Tensor G5) with Security Patch Level December 2025 or earlier
Fixed versions: February 2026 Security Patch Level (SPL)

Summary

Google Project Zero researchers have disclosed a zero-click exploit chain targeting the Pixel 10. The chain combines a previously patched Dolby vulnerability (CVE-2025-54957) for initial entry with a newly discovered, "shallow" vulnerability in the Pixel 10's VPU driver. The latter allows an attacker to map arbitrary physical memory, including the kernel image, into userland, leading to trivial kernel code execution.

What happened

The exploit chain consists of two links:

  1. Initial access: an updated exploit for a known Dolby vulnerability (CVE-2025-54957). The researchers bypassed a new Pixel 10 hardening measure, return-address signing with ARM Pointer Authentication Codes (PAC), which replaced conventional stack canaries in the affected code. With no canary check, the usual trick of redirecting __stack_chk_fail no longer applies; instead they overwrote dap_cpdp_init, a function that is called only once during initialization, so the overwrite does not crash the process.
  2. Privilege escalation: a critical flaw in the VPU driver (/dev/vpu) that accelerates video decoding on the Tensor G5. The driver's mmap handler did not bound the requested length to the size of the VPU's MMIO register region. By requesting a large mapping, an attacker could map physical addresses beyond the VPU registers, where the Android kernel resides. Because the kernel's physical load address is fixed on Pixel devices, this gave direct read/write access to the kernel's .text and .data regions from userland.

Why it matters

The VPU driver vulnerability is described as a "Holy Grail" bug due to its extreme simplicity. It requires only five lines of code to achieve arbitrary kernel read/write. This underscores a persistent issue where third-party hardware drivers introduced into the Android ecosystem lack the same security rigor as the core OS, creating high-impact "shallow" vulnerabilities that bypass platform-wide mitigations.

Affected systems

  • Google Pixel 10 devices running the Tensor G5 chip.
  • Devices with Security Patch Level (SPL) December 2025 or earlier are vulnerable to the full chain.
  • The VPU driver vulnerability was patched in the February 2026 Pixel Security Bulletin.

Recommended actions

  • Immediate Update: Ensure all Pixel 10 devices are updated to the February 2026 Security Patch Level or later.
  • Audit Media Contexts: Security teams should monitor for unusual activity within the mediacodec SELinux context, as this is where the vulnerable VPU driver is exposed.
  • Device Management: Utilize MDM solutions to enforce minimum OS patch levels across the fleet to mitigate zero-click media-based exploits.

Technical details

The chain uses CVE-2025-54957 for initial code execution inside a media-related sandbox. It then exploits missing bounds checking in the vpu_mmap function of the /dev/vpu driver. When the mmap syscall is given a length larger than the VPU's MMIO register window, the driver passes that length straight through to remap_pfn_range, so the mapping continues past the registers into the physical pages that follow them. Since the Android kernel is loaded at a predictable physical address, the attacker can map the kernel's memory into their own process with read/write permissions.
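The mmap bounds check at the heart of the VPU bug (the privilege-escalation link under "What happened" and the technical details above), modelled as an added example. This is illustration written for this article, not the Pixel 10 driver's code or the Project Zero proof of concept: the register window size, the kernel's physical load address, the page size, the handler names and the stand-ins for vm_area_struct and remap_pfn_range are all assumptions. The vulnerable variant forwards the caller's offset and length unchanged, so a request longer than the register window walks into the pages behind it; the fixed variant rejects any request that would leave the window, and is written so that a huge offset or length cannot wrap the check.

```c
/*
 * Model of the /dev/vpu mmap bounds-check bug described in this article.
 * Added illustration written for this page; it is NOT code from the Pixel 10
 * VPU driver or from the Project Zero write-up. The register window size,
 * the kernel's physical load address and the page size are ASSUMED,
 * illustrative values, and the kernel's vm_area_struct / remap_pfn_range()
 * are replaced by small stand-ins so the logic compiles and runs in userland.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT     12
#define PAGE_SIZE      (1ULL << PAGE_SHIFT)

#define VPU_MMIO_PHYS  0x1A000000ULL   /* assumed: base of the VPU register window */
#define VPU_MMIO_SIZE  0x10000ULL      /* assumed: 64 KiB of registers */
#define KERNEL_PHYS    0x80000000ULL   /* assumed: fixed kernel physical load address */

/* Physical range that our stand-in for remap_pfn_range() would wire into
 * the caller's page tables. */
struct mapped_range {
    uint64_t phys_start;
    uint64_t phys_end;   /* exclusive */
    bool     mapped;
};

static int remap_pfn_range_model(uint64_t pfn, uint64_t len, struct mapped_range *out)
{
    out->phys_start = pfn << PAGE_SHIFT;
    out->phys_end   = out->phys_start + len;
    out->mapped     = true;
    return 0;
}

/* Vulnerable pattern: vm_pgoff and (vm_end - vm_start) are forwarded as-is.
 * A caller who asks for a large length gets every physical page that
 * happens to follow the register window, including the kernel image. */
int vpu_mmap_vulnerable(uint64_t vm_pgoff, uint64_t vm_len, struct mapped_range *out)
{
    uint64_t pfn = (VPU_MMIO_PHYS >> PAGE_SHIFT) + vm_pgoff;
    return remap_pfn_range_model(pfn, vm_len, out);
}

/* Hardened pattern: clamp both offset and length to the register window.
 * The arithmetic is arranged so that no attacker-controlled sum can wrap. */
int vpu_mmap_fixed(uint64_t vm_pgoff, uint64_t vm_len, struct mapped_range *out)
{
    out->mapped = false;

    /* Reject the offset before shifting it, so a huge pgoff cannot wrap. */
    if (vm_pgoff > (VPU_MMIO_SIZE >> PAGE_SHIFT))
        return -EINVAL;
    uint64_t off = vm_pgoff << PAGE_SHIFT;

    /* Length must be a whole number of pages that fits in the window ... */
    if (vm_len == 0 || (vm_len & (PAGE_SIZE - 1)) != 0 || vm_len > VPU_MMIO_SIZE)
        return -EINVAL;
    /* ... and off + len must not exceed the window. Written as a subtraction
     * (safe because len <= size) so that off + len is never computed. */
    if (off > VPU_MMIO_SIZE - vm_len)
        return -EINVAL;

    return remap_pfn_range_model((VPU_MMIO_PHYS + off) >> PAGE_SHIFT, vm_len, out);
}

typedef int (*mmap_handler_t)(uint64_t, uint64_t, struct mapped_range *);

/* True if the handler accepts the request AND the resulting mapping covers
 * the kernel's physical load address, i.e. the "kernel mapped into
 * userland" condition the article describes. */
bool exposes_kernel(mmap_handler_t handler, uint64_t vm_pgoff, uint64_t vm_len)
{
    struct mapped_range r = {0};
    if (handler(vm_pgoff, vm_len, &r) != 0 || !r.mapped)
        return false;
    return r.phys_start <= KERNEL_PHYS && KERNEL_PHYS < r.phys_end;
}

int main(void)
{
    /* Constructed request: offset 0, a length that reaches past the kernel. */
    uint64_t big_len = KERNEL_PHYS - VPU_MMIO_PHYS + PAGE_SIZE;

    printf("vulnerable handler, len=%#llx: kernel exposed = %d\n",
           (unsigned long long)big_len, exposes_kernel(vpu_mmap_vulnerable, 0, big_len));
    printf("fixed handler,      len=%#llx: kernel exposed = %d\n",
           (unsigned long long)big_len, exposes_kernel(vpu_mmap_fixed, 0, big_len));
    printf("fixed handler, legitimate 64 KiB map accepted = %d\n",
           vpu_mmap_fixed(0, VPU_MMIO_SIZE, &(struct mapped_range){0}) == 0);
    return 0;
}
```

Compile with `cc -std=c99` and run: the same oversized request lands on the kernel under the vulnerable handler and is refused under the fixed one, while a legitimate mapping of the whole register window still succeeds. When auditing other MMIO-exposing mmap handlers, the subtraction form `off > size - len` is the check to look for; `off + len > size` is wrong whenever either operand is caller-controlled, because the sum can wrap around to a small value.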

Detection & hunting

Monitor for unexpected memory mapping sizes originating from processes with access to /dev/vpu. While difficult to detect on-device without specialized tooling, anomalous mediacodec behavior or crashes in dap_cpdp_init during media playback may indicate exploitation attempts.

Recommended actions

P1 · Patch & Verify

  • Verify Pixel 10 devices are running at least the February 2026 Security Patch Level; the ro.build.version.security_patch system property should report a date in February 2026 or later.
  • Force an immediate update on any device still at the December 2025 SPL or earlier.

P2 · Harden

  • Review SELinux policies if using custom Android builds to ensure access to the /dev/vpu device node is restricted to the services that need it.

Compliance relevance

NIST CSF v2.0 · GV.OC-01: Organizational Context · PR.PS-01: Platform Security (configuration management) · RS.MI-01: Incident Mitigation


Disclaimer: CyberBrief HQ articles are for informational purposes only and do not constitute security advice for any specific environment. Always validate guidance against your own controls and vendor advisories before acting.