TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Google Project Zero

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave

Seth Jenkins · 2026-01-14

ATT&CK techniques detected

5 predictions

T1068 Exploitation for Privilege Escalation (99%)
"A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave. With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediac…"

T1068 Exploitation for Privilege Escalation (96%)
"…that the generated code will work agnostic to the shellcode's location or alignment in memory. Finalizing the exploit: Kernel arbitrary read/write is motivating enough as a security researcher to demonstrate the impact of the vulnerability, but it seemed incumbent to create so…"

T1068 Exploitation for Privilege Escalation (88%)
"…, including one that was powerful enough to escape the mediacodec sandbox and get kernel arbitrary read/write on the Pixel 9. The (very short) bug hunt: The first bug I found was a duplicate that was originally reported in February of 2024 but remained unfixed at the time of r…"

T1068 Exploitation for Privilege Escalation (82%)
"…It is, however, quite tedious and is not really my idea of a fun time. Thankfully I found a much simpler strategy which essentially allows the generic bypass of KASLR on Pixel in its entirety, the details of which you can read about in my previous blog post. The end-result of…"

T1055.001 Dynamic-link Library Injection (75%)
"…f pointer job->regs, so we can control the destination of our write. Additionally since we set the registers at the beginning of execution, by setting the registers in such a way that the BigWave processor does not execute at all, we can ensure that the end register state is…"

Summary

With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrained (a.k.a. sandboxed) context where non-secure software decoders are utilized. Nevertheless, using my DriverCartographer tool, I discovered an interesting device driver, /dev/bigwave, that was accessible from the mediacodec SELinux context. BigWave is hardware present on the Pixel SoC that accelerates AV1 decoding tasks, which explains why it is accessible from the mediacodec context. As previous research has copiously affirmed, Android drivers for hardware devices are prime places to find powerful local privilege escalation bugs. The BigWave driver was no exception - across a couple of hours of auditing the code, I discovered three separate bugs, including one that was powerful enough to escape the mediacodec sandbox and get kernel arbitrary read/write on the Pixel 9.