A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave

A security researcher has identified a critical vulnerability in the Linux kernel used by Google Pixel devices, specifically affecting the BigWave hardware accelerator. This flaw, if exploited, could allow an attacker to escape the restricted "mediacodec" sandbox and gain arbitrary read and write capabilities within the kernel. The vulnerability was discovered by Seth Jenkins, who detailed his findings in a recent analysis.
The BigWave hardware is responsible for accelerating AV1 decoding tasks on Pixel System-on-Chips (SoCs). Because of its role in media processing, its associated driver, accessible via `/dev/bigwave`, is exposed to the `mediacodec` SELinux context. This context is designed to be a sandboxed environment for less secure software decoders. However, Jenkins utilized a tool called DriverCartographer to examine the `/dev/bigwave` driver and uncovered several security issues.

Among the identified bugs, one stands out for its potential to break out of the `mediacodec` sandbox. This specific vulnerability stems from a race condition within the driver's handling of job processing. When a job is submitted to the BigWave hardware via the `BIGO_IOCX_PROCESS` ioctl, the system waits for the hardware to complete the task. If the worker thread responsible for processing these jobs is significantly delayed, the ioctl call might time out and return to userland, even as the worker thread is still actively processing the job.
If, at this point, the userland process closes the file descriptor associated with the BigWave instance, the underlying kernel data structure (`inst`) and its associated job information are freed. However, the worker thread, unaware of this deallocation, continues to operate on the now-freed memory. This creates a use-after-free (UAF) condition.
The exploitation of this UAF allows an attacker to control the destination of a write operation. By spraying attacker-controlled memory allocations, an attacker can influence the pointer that the driver attempts to write to. Furthermore, by carefully configuring the BigWave hardware registers to prevent actual execution, the attacker can ensure that the final state of the registers closely matches the initial state. This control over the write destination and the predictable final state enables an arbitrary write primitive, capable of modifying 2144 bytes of kernel memory.

Exploiting this vulnerability in the presence of Kernel Address Space Layout Randomization (KASLR) would typically require complex techniques to bypass memory protections. However, the researcher discovered a simplified strategy that effectively bypasses KASLR on Pixel devices. This bypass allows for direct overwriting of data within the kernel's `.data` section by using a hardcoded address, significantly simplifying the exploit and improving its reliability.
With the arbitrary write primitive and the KASLR bypass, the researcher could modify kernel global variables. However, a `complete` call within the worker thread's execution loop, which performs list operations, presented an additional challenge. To overcome this, the attacker needs to forge a valid list entry for the `q` structure, which is part of the freed `inst`.
The solution involves leveraging the already established arbitrary write capability. The attacker can forge arbitrary list nodes within controlled memory in the kernel's `.data` section. They can also place pointers to these forged list nodes within the initial memory spray used to overwrite the `inst`. Crucially, the attacker knows the location of the `init` task's task struct in kernel memory, which resides in `.data`. By forging a list entry that points to the `init` task's struct, the attacker can cause a spurious wake-up call to the `init` task, thereby achieving arbitrary code execution within the kernel.
Fixes for all three bugs discovered in the BigWave driver were made available on January 5, 2026. Users are advised to ensure their Pixel devices are updated with the latest security patches to mitigate these risks.





