The Pixel 9 Zero-Click Exploit Chain That Breaks the Kernel
Key Takeaways:
- Discovery of a sophisticated zero-click exploit chain bypassing sandboxes to compromise the Android kernel.
- Exploitation of third-party audio libraries (Dolby) and hardware-specific Tensor chipset drivers.
- Significant remediation latency (patch gaps) identified between vulnerability disclosure and deployment.
- Strategic shift in attack surface toward automated background processes like media indexing and transcription.
Table of Contents
- The Pixel 9 Zero-Click Exploit Chain: Technical Overview
- Phase 1: Remote Code Execution via CVE-2025-54957
- Phase 2: Kernel Compromise via CVE-2025-36934
- The Economics of Zero-Click Vulnerabilities
- Remediation Latency and the Supply Chain Risk
- Parallel Hardware Risks: The StackWarp Precedent
- Integration with PurpleOps Cybersecurity Services
- Technical Analysis of Kernel Privilege Escalation
- Practical Takeaways for Technical and Business Leaders
- Protecting the Enterprise from Kernel-Level Threats
- Frequently Asked Questions
The security architecture of modern mobile devices relies on the premise that isolated environments (sandboxes) can contain the impact of a software vulnerability. However, a recent analysis by Google Project Zero reveals that these boundaries are increasingly permeable. The Pixel 9 Zero-Click Exploit Chain That Breaks the Kernel demonstrates a sophisticated progression from a remote media-parsing vulnerability to full kernel compromise without requiring any user interaction. This exploit chain, comprising vulnerabilities in third-party audio libraries and hardware-specific drivers, underscores the difficulty of securing the modern mobile supply chain.
The Pixel 9 Zero-Click Exploit Chain That Breaks the Kernel: Technical Overview
The attack surface for zero-click exploits has shifted toward automated background processes. Features designed for user convenience, such as the autonomous transcription of audio messages or the indexing of media files, often involve the preemptive parsing of data before a user even views a notification. In the case of the Google Pixel 9, Google Messages facilitates the automatic decoding of audio attachments received via SMS and RCS.
This functionality exposes the device to remote exploitation through the Dolby Unified Decoder (UDC), a library utilized for processing Dolby Digital and Dolby Digital Plus (AC-3 and EAC-3) formats. The exploit chain is categorized into three distinct phases:
- Initial Remote Code Execution (RCE) within a restricted sandbox.
- Local Privilege Escalation (LPE) to the kernel.
- Exploitation of hardware acceleration drivers to achieve the most privileged level of the operating system.

Phase 1: Remote Code Execution via CVE-2025-54957
The entry point of the chain resides in the Dolby Unified Decoder library. This component is integrated into the firmware of several Android manufacturers to handle high-fidelity audio. The specific vulnerability, identified as CVE-2025-54957, involves the processing of Extensible Metadata Delivery Format (EMDF) metadata.
When a malicious audio file is received, the Google Messages application triggers the `mediacodec` process to decode the file for transcription. During this process, a memory corruption vulnerability occurs within the EMDF parsing logic. By carefully crafting the metadata in an AC-3 or EAC-3 stream, an attacker can trigger an out-of-bounds write or heap corruption.
In the Pixel 9 environment, this results in code execution within the context of the `mediacodec` user. While this process is sandboxed and lacks direct access to user data, it provides the necessary foothold to launch further attacks. Researchers noted this stage required approximately eight man-weeks to develop, highlighting the complexity of modern metadata-based access vectors.
Phase 2: Kernel Compromise via CVE-2025-36934
The second stage of the chain involves escaping the media decoder sandbox to achieve kernel-level control. This is achieved by targeting the `/dev/bigwave` driver, which is responsible for AV1 video acceleration on the Google Tensor chipset used in the Pixel 9.
The vulnerability, CVE-2025-36934, allows a process with access to the hardware abstraction layer (HAL) to interact with the driver in ways that bypass intended memory protections. By exploiting this flaw, an attacker can obtain kernel-level primitives, essentially the ability to read and write arbitrary kernel memory.
Once an attacker possesses kernel primitives, they can disable security features like SELinux, modify process credentials, and achieve persistent control over the device.
The transition from the `mediacodec` sandbox to the kernel was remarkably efficient, requiring only three man-weeks. This suggests that hardware-specific drivers, often less scrutinized than core kernel code, remain a high-value target for privilege escalation.
The Economics of Zero-Click Vulnerabilities
The development of the Pixel 9 zero-click exploit chain provides insight into the “economics” of modern cyber attacks. Developing a full chain required approximately 11 man-weeks of effort. In the context of the global exploit market, where zero-click RCE chains for mobile devices can command prices in the millions of dollars, this represents a high return on investment for sophisticated threat actors.
Engineers and analysts monitoring these developments through a cyber threat intelligence platform can see how these chains are advertised in restricted environments. Information gathered from a dark web monitoring service or Telegram threat monitoring often shows that specialized groups focus exclusively on these hardware-level escapes.
Remediation Latency and the Supply Chain Risk
A critical finding is the discrepancy in patch timelines across the Android ecosystem. The timeline for the Dolby UDC vulnerability illustrates the complexities of supply-chain risk monitoring:
- June 26, 2025: Vulnerability disclosed to Dolby.
- October 15, 2025: Public revelation of the flaw.
- November 12, 2025: Samsung deploys a patch to its devices.
- January 5, 2026: Google Pixel 9 receives the security update.
For nearly two months, the Pixel 9 remained vulnerable to a publicly documented RCE flaw that other manufacturers had already addressed. This “patch gap” stems from how third-party libraries are integrated: often bundled within vendor-specific firmware that requires extensive carrier testing. During this period, real-time ransomware intelligence and live ransomware API feeds may show increased activity targeting specific versions of unpatched firmware.
Parallel Hardware Risks: The StackWarp Precedent
The Pixel 9 kernel compromise is not an isolated incident. Recent research into AMD Zen 1-5 processors, codenamed StackWarp (CVE-2025-29943), shows a similar pattern where microarchitectural optimizations undermine system-level security. StackWarp exploits the “stack engine” to corrupt the stack pointer within a Confidential Virtual Machine (CVM).
Both the Pixel 9 driver exploit and StackWarp highlight a fundamental tension in hardware design: the trade-off between performance (hardware acceleration) and security (isolation). In both cases, privileged or sandboxed attackers used hardware-level interfaces to break the integrity of the execution environment.
Integration with PurpleOps Cybersecurity Services
Analyzing complex exploit chains targeting mobile devices is central to the services provided by PurpleOps. For organizations concerned about the security of their infrastructure and mobile endpoints, PurpleOps offers specialized Penetration Testing and Red Team Operations.
Our expertise in Supply Chain Information Security is particularly relevant here. We assist organizations in mapping their reliance on third-party libraries, like the Dolby UDC, and establishing monitoring protocols via our Cyber Threat Intelligence capabilities.
Furthermore, we utilize Dark Web Monitoring to provide underground forum intelligence and brand leak alerting. If a zero-day exploit or a specific bypass for your infrastructure is being discussed in closed circles, our platform alerts your team in real-time.
Technical Analysis of Kernel Privilege Escalation
To understand how to defend against these attacks, engineers must look at the specific primitives used in the Pixel 9 chain. The `/dev/bigwave` driver exploit is an “improper access control” bug. In the Linux kernel, drivers often expose `ioctl` interfaces that, if not strictly validated, allow an attacker to trick the kernel into performing operations on its own memory.
Execution Steps in CVE-2025-36934:
- The attacker allocates a buffer in the sandboxed process.
- The attacker calls a specific `ioctl` on the AV1 accelerator driver.
- The driver fails to check whether the destination address of a DMA (Direct Memory Access) operation resides in user space.
- The attacker provides a kernel memory address as the destination.
- The hardware writes attacker-controlled data into the kernel’s code or data segments.
This effectively bypasses Kernel Address Space Layout Randomization (KASLR), granting total control over the operating system.
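The missing check in step three is the whole bug class. The following is an added, hypothetical userspace model (not the `/dev/bigwave` source, whose code this page does not reproduce): a request handler that programs a DMA destination supplied by the caller, shown in its unchecked form next to the validated form a driver author should write. `TASK_SIZE`, `DMA_ALIGN`, `struct av1_dma_req` and the two `*_submit` functions are assumed names for illustration.

```c
/* Hypothetical userspace model of the bug class described above, not the
 * /dev/bigwave source: an ioctl handler passes a caller-chosen DMA target on. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed 64-bit split: below TASK_SIZE is the calling process, above is kernel. */
#define TASK_SIZE 0x0000800000000000ULL
#define DMA_ALIGN 64ULL

struct av1_dma_req {
    uint64_t dst;   /* destination address chosen by the caller */
    uint64_t len;   /* bytes the accelerator will write there */
};

/* Vulnerable pattern: nothing checks that dst is user memory, so a kernel
 * address is programmed into the DMA engine exactly like a user buffer. */
bool vulnerable_submit(const struct av1_dma_req *req, uint64_t *programmed_dst) {
    if (req->len == 0)
        return false;
    *programmed_dst = req->dst;
    return true;
}

/* Hardened check: [dst, dst+len) must be aligned, must not wrap, and must lie
 * entirely below the user/kernel split. A real driver uses access_ok() then
 * pin_user_pages() and the DMA mapping API so the pages cannot move under the device. */
bool dma_range_is_user(uint64_t dst, uint64_t len) {
    uint64_t end;
    if (len == 0 || dst % DMA_ALIGN != 0)
        return false;
    if (__builtin_add_overflow(dst, len, &end))  /* dst + len wrapped */
        return false;
    return end <= TASK_SIZE;
}

bool hardened_submit(const struct av1_dma_req *req, uint64_t *programmed_dst) {
    if (!dma_range_is_user(req->dst, req->len))
        return false;                            /* -EFAULT in a real driver */
    *programmed_dst = req->dst;
    return true;
}

int main(void) {
    struct av1_dma_req bad = { .dst = 0xffffff8000100000ULL, .len = 4096 };
    uint64_t dst = 0;
    printf("vulnerable accepts kernel dst: %d\n", vulnerable_submit(&bad, &dst));
    printf("hardened accepts kernel dst:   %d\n", hardened_submit(&bad, &dst));
    return 0;
}
```

The overflow test matters as much as the boundary test: a range that ends below `TASK_SIZE` only because `dst + len` wrapped around would otherwise pass a naive `end <= TASK_SIZE` comparison.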
Practical Takeaways for Technical and Business Leaders
For Technical Teams and Engineers:
- Audit Media Decoders: Disable automated media parsing and transcription in communication apps like Google Messages where possible.
- Monitor Kernel Interfaces: Use tools like `strace` or `auditd` to monitor suspicious `ioctl` traffic from sandboxed processes like `mediacodec`.
- Validate Patch Versions: Verify that the “Security Patch Level” is January 5, 2026, or later for Pixel 9 devices.
For Business Leaders and Risk Managers:
- Assess Supply Chain Dependencies: Include third-party vendor libraries (Dolby, Qualcomm, ARM) in your hardware procurement risk assessments.
- Response Plan for Patch Gaps: Implement compensatory controls, such as restricted network access or MDM-based feature disabling, when patches are delayed for specific hardware.
- Invest in Intelligence: Utilize data from the PurpleOps Platform to prioritize patching based on actual threat actor activity.
Protecting the Enterprise from Kernel-Level Threats
The Pixel 9 exploit chain is a reminder that even modern, hardened devices possess “legacy” components that serve as weak links. PurpleOps provides the tools to defend against these threats by combining Protect Against Ransomware strategies with deep technical audits.
Our PurpleOps Platform integrates intelligence streams into a single pane of glass, allowing for rapid identification of vulnerable endpoints. Through our comprehensive Services, we ensure that your organization stays ahead of the exploit development lifecycle.
The transition from a simple SMS to a compromised kernel is a technical reality. To learn more about how our red teaming can help secure your mobile ecosystem, contact our engineering team today.
Frequently Asked Questions
What is a zero-click exploit?
A zero-click exploit is a cyber attack that requires no interaction from the target user. In this case, simply receiving a malicious audio message via SMS/RCS can trigger the exploit chain in the background.
How does CVE-2025-54957 affect Pixel 9?
It is a memory corruption vulnerability in the Dolby Unified Decoder library. When the device automatically parses a malicious audio file for transcription, the vulnerability allows for initial code execution within a sandbox.
Why was there a patch delay for the Pixel 9?
Because the Dolby library is integrated into vendor-specific firmware rather than the core Android OS, the update required a full system image update, which undergoes longer carrier testing cycles compared to standard app updates.
What is the `/dev/bigwave` driver?
It is a hardware-specific driver on the Google Tensor chipset used for AV1 video acceleration. A vulnerability in this driver allowed attackers to escape the initial sandbox and gain kernel-level access.