CVE-2026-0125
Description
A use-after-free race condition in the Pixel Video Processing Unit driver allows local escalation of privilege without user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In the vpu_ioctl.c file of the Pixel Video Processing Unit (VPU) kernel driver, multiple functions contain a use-after-free vulnerability due to a race condition [1]. This occurs when concurrent operations on shared memory objects are not properly synchronized, allowing a freed object to be accessed. The issue affects Pixel devices running a security patch level before 2026-06-05.
Exploitation
An attacker with local access to the device can trigger the race condition without requiring any additional execution privileges or user interaction [1]. The attacker must carefully time operations to exploit the window between freeing and reusing a memory object, but no special permissions are needed beyond normal user-level access.
Impact
Successful exploitation leads to local escalation of privilege (EoP) [1]. The attacker can gain elevated privileges within the kernel context, potentially allowing full control over the affected device's video processing capabilities and further system compromise.
Mitigation
Google addressed this vulnerability in the June 2026 Pixel Update Bulletin, with a fix included in the 2026-06-05 security patch level [1]. Users should ensure their Pixel devices are updated to this patch level or later. No workarounds are available; the only mitigation is applying the security update.
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions (0)
No linked articles in our index yet.