Project Zero chains two bugs to root a Pixel 10 with zero clicks
Google’s Project Zero ported its earlier Pixel 9 zero-click chain to the Pixel 10, showing that root is still reachable through just two vulnerabilities. The first link reuses CVE-2025-54957, a Dolby UDC bug that was exploitable across Android until the January 2026 patch. Adapting it to the Pixel 10 mostly meant recalculating library offsets and finding a new overwrite target, since the Pixel 10 build protects return addresses with PAC instead of stack canaries; the researchers settled on dap_cpdp_init, a one-shot init function, as a safe target to clobber.
The privilege-escalation link is the more striking finding. With the BigWave driver gone from the Pixel 10, the team audited its replacement, a custom VPU driver for the Tensor G5’s Chips&Media Wave677DV silicon, and found a textbook bug within two hours. The vpu_mmap handler passes the caller-supplied VMA size straight to remap_pfn_range without bounding it against the size of the VPU’s MMIO register region, so userspace can map as much physical memory as it asks for, starting at the VPU’s fixed, known physical address. Because the kernel image sits at a deterministic offset above that region, an attacker gets arbitrary kernel read and write in roughly five lines of code; the full exploit took under a day.
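To make the bug class concrete, here is an added example written for this summary; it is not code from the Project Zero post or from the Pixel VPU driver. It is a userspace C model of an mmap handler that forwards the caller's VMA length to remap_pfn_range() unchecked, next to a hardened version that bounds both the page offset and the length against the MMIO window. The physical base, window size, kernel placement and the struct/function names are constructed placeholders, not Tensor G5 values.

```c
/* Added example: userspace model of the unbounded-mmap pattern.
 * Not the Pixel VPU driver's code; all addresses and sizes are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <errno.h>

#define PAGE_SHIFT 12UL
#define PAGE_SIZE  (1UL << PAGE_SHIFT)

/* Constructed layout: a 64 KiB MMIO register window at a fixed physical base,
 * with a "kernel image" at a fixed offset above it. Hypothetical values. */
#define VPU_MMIO_BASE 0x1c000000UL
#define VPU_MMIO_SIZE 0x10000UL
#define KERNEL_PHYS   0x80000000UL

/* Stand-in for the fields of struct vm_area_struct that an mmap handler reads.
 * The caller controls all three through mmap()'s length and offset arguments. */
struct vm_area {
    unsigned long vm_start, vm_end; /* user VA range, page aligned */
    unsigned long vm_pgoff;         /* page offset into the device region */
};

/* Stand-in for remap_pfn_range(): records the physical range it would map. */
static unsigned long mapped_phys_start, mapped_phys_end;

static int remap_pfn_range_stub(unsigned long pfn, unsigned long size)
{
    mapped_phys_start = pfn << PAGE_SHIFT;
    mapped_phys_end   = mapped_phys_start + size;
    return 0;
}

/* Vulnerable pattern: the length comes straight from the VMA the caller built,
 * so a large mmap() length walks off the end of the register window. */
int vpu_mmap_vulnerable(const struct vm_area *vma)
{
    unsigned long size = vma->vm_end - vma->vm_start;
    unsigned long pfn  = (VPU_MMIO_BASE >> PAGE_SHIFT) + vma->vm_pgoff;
    return remap_pfn_range_stub(pfn, size);
}

/* Hardened pattern: reject an offset outside the window, then a length that
 * runs past it. The subtraction is ordered so it cannot wrap. */
int vpu_mmap_hardened(const struct vm_area *vma)
{
    unsigned long size  = vma->vm_end - vma->vm_start;
    unsigned long pages = VPU_MMIO_SIZE >> PAGE_SHIFT;

    if (vma->vm_pgoff >= pages)
        return -EINVAL;
    if (size > ((pages - vma->vm_pgoff) << PAGE_SHIFT))
        return -EINVAL;
    return remap_pfn_range_stub((VPU_MMIO_BASE >> PAGE_SHIFT) + vma->vm_pgoff, size);
}

/* Does the physical range of the last successful mapping cover this address? */
bool last_mapping_reaches(unsigned long phys)
{
    return phys >= mapped_phys_start && phys < mapped_phys_end;
}

/* Request an attacker would build: offset 0 and a length spanning from the
 * MMIO base up through the constructed kernel image. */
struct vm_area attacker_vma(void)
{
    struct vm_area vma;
    vma.vm_start = 0x7f0000000000UL;
    vma.vm_end   = vma.vm_start + (KERNEL_PHYS - VPU_MMIO_BASE) + PAGE_SIZE;
    vma.vm_pgoff = 0;
    return vma;
}

/* A legitimate request: exactly the register window, offset 0. */
struct vm_area legit_vma(void)
{
    struct vm_area vma;
    vma.vm_start = 0x7f0000000000UL;
    vma.vm_end   = vma.vm_start + VPU_MMIO_SIZE;
    vma.vm_pgoff = 0;
    return vma;
}

/* Wrappers that exercise each handler with each request. */
bool vulnerable_exposes_kernel(void)
{
    struct vm_area vma = attacker_vma();
    return vpu_mmap_vulnerable(&vma) == 0 && last_mapping_reaches(KERNEL_PHYS);
}

int hardened_on_attacker(void) { struct vm_area v = attacker_vma(); return vpu_mmap_hardened(&v); }
int hardened_on_legit(void)    { struct vm_area v = legit_vma();    return vpu_mmap_hardened(&v); }

int main(void)
{
    printf("vulnerable handler maps kernel image: %s\n", vulnerable_exposes_kernel() ? "yes" : "no");
    printf("hardened handler, attacker request: %d\n", hardened_on_attacker());
    printf("hardened handler, legit request:    %d (maps %#lx-%#lx)\n",
           hardened_on_legit(), mapped_phys_start, mapped_phys_end);
    return 0;
}
```

In a real driver the same check is written against the platform resource rather than constants: compare vma_pages(vma) and vma->vm_pgoff with resource_size(res) >> PAGE_SHIFT, and use io_remap_pfn_range() with non-cached page protection for MMIO. The two-step ordering matters: checking only `size <= region_size` still lets a caller shift the window with a large vm_pgoff, so the offset check has to come first.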
The disclosure timeline was unusually fast — patched 71 days after the November 2025 report and rated High rather than the Moderate that BigWave received — which Project Zero calls genuine progress in Android’s triage posture. The harsher takeaway is that the same vendor team shipped another trivially exploitable driver bug five months after BigWave, suggesting driver code audits aren’t happening proactively even after prior reports highlighted the area.
Source: Hacker News. This is an AI-generated summary; read the original for the full story.