“Exceptionally simple to exploit.” Not very advanced. Easy. That’s how Google’s Project Zero team described what they discovered within the Pixel 10’s VPU driver, and it’s the kind of description that makes anyone paying attention sit up a little straighter.
The vulnerability, identified as CVE-2026-0106, is found in the vpu_mmap function, which is a component of the kernel-level driver that controls the Video Processing Unit on Pixel devices that use the Tensor G5 chip. The driver’s job is rather simple: so that applications can communicate with the VPU hardware, it maps the memory-mapped I/O register region into userspace. Dull work at the infrastructure level. However, someone neglected to verify that the requested mapping size was actually limited to the real dimensions of the register region.

As a result of this omission, one missing validation, any process with access to the VPU device node could request a much larger memory window from the kernel. A much, much bigger one. Large enough to reach up through physical memory and land directly on the kernel, including its data and text regions, areas that are normally off-limits to userspace.
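
The check that was missing can be modelled in userspace C. This is an added example, not the Pixel driver's code or the actual fix: `struct map_request`, `mapping_within_region`, `model_mmap`, the 64 KiB region size and the 4 KiB page size are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12                 /* assumption: 4 KiB pages */
#define REGS_LEN   0x10000ULL         /* constructed, page-aligned region size */

/* Hypothetical stand-in for the request fields an mmap handler sees
 * (modelled on vm_start, vm_end and vm_pgoff). */
struct map_request {
    uint64_t vm_start, vm_end;        /* userspace range being mapped */
    uint64_t vm_pgoff;                /* offset into the region, in pages */
};

/* True only if [offset, offset + length) lies inside the register region. */
static bool mapping_within_region(const struct map_request *r, uint64_t region_len)
{
    if (r->vm_end <= r->vm_start)
        return false;                 /* empty or inverted range */
    if (r->vm_pgoff > (UINT64_MAX >> PAGE_SHIFT))
        return false;                 /* page offset would overflow as bytes */
    uint64_t len = r->vm_end - r->vm_start;
    uint64_t off = r->vm_pgoff << PAGE_SHIFT;
    if (off >= region_len)
        return false;                 /* starts past the end of the region */
    return len <= region_len - off;   /* subtraction form cannot wrap */
}

/* Model of a handler: refuse the request before any page is mapped. */
static int model_mmap(const struct map_request *r)
{
    return mapping_within_region(r, REGS_LEN) ? 0 : -EINVAL;
}

int main(void)
{
    const uint64_t base = 0x7000000000ULL;       /* constructed user address */
    struct map_request cases[] = {
        { base, base + REGS_LEN, 0 },            /* exact fit */
        { base, base + REGS_LEN + 0x1000, 0 },   /* one page too long */
        { base, base + 0x2000, 0xF },            /* offset pushes it past the end */
        { base, base + 0x1000, UINT64_MAX },     /* offset overflow */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("case %zu -> %d\n", i, model_mmap(&cases[i]));
    return 0;
}
```
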
The specific irony in this situation is difficult to ignore. Built by the same development team that created the previous BigWave driver, the driver architecture shared a nearly identical philosophy of directly exposing hardware interfaces to userspace. When all access is strictly regulated, that strategy is effective. The repercussions quickly spread when one handler fails to perform a bounds check.
The predictability was what caught the researchers’ attention. On Pixel devices, the kernel is located at a known physical address that is offset from the VPU register region. There’s no need to scan. No guessing. The kernel is simply there, readable, writable, and exposed, when you map enough memory and perform the arithmetic. Five lines of code were reportedly needed to achieve arbitrary kernel read-write access. It took less than a day to complete a functional exploit.
Before this problem was discovered, Seth Jenkins and Jann Horn, who collaborated at Project Zero, spent about two hours auditing the VPU driver. Two hours. That timeline seems important, implying that this was waiting close to the surface rather than hidden beneath layers of complexity.
Google released fixes for the vulnerability under security patch level 2026-02-05 in the February 2026 Pixel Update Bulletin. Devices running patch levels earlier than that are still technically vulnerable, although it’s important to note that the attack requires some sort of existing code execution on the device: a malicious application, for example, acting as the entry point before privilege escalation kicks in.
This vulnerability was part of a larger two-stage exploit chain that Project Zero developed for the Pixel 10. The first stage of the exploit chain targeted a different Dolby audio decoder flaw that was present in all Android versions up until January 2026. The chain went straight from zero-click context to root. The security community refers to that combination as a “full chain,” and it’s still unknown how many other drivers in Android’s vast device ecosystem make comparable assumptions regarding physical memory limits.
As these revelations mount, there’s a sense that the issue isn’t unusual attacker cunning. It’s the persistence of tiny, self-assured assumptions in driver code that remain true until someone chooses to verify them.

