This Android kernel exploit is way too simple YT

Description

Are you a security researcher or reverse engineer?

For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **

*License discounts are only valid for individuals, not corporations. Cannot be combined with any other promo code or discount.
** Cannot be combined with any other promo code or discount.

/////////////////////////////////////

Hey guys, today we're branching out from the iOS content and we're taking a look at our first ever Android vulnerability on this channel.

Google Project Zero just published a new blog discussing this specific vulnerability. It is a very powerful kernel bug in the Google Pixel 10 /dev/vpu driver. Specifically, the vpu_mmap handler function misses a very critical size check.

From a userspace process, it is possible to call mmap on the VPU file descriptor, and map an arbitrarily large number of physical memory pages into userspace, starting from the page used for the VPU's MMIO register region. The kernel's own physical memory is included in this out of bounds range, and thus this vulnerability provides full kernel read and write in just 5 lines of C code.

Check out the original post from Project Zero.

Let me know what you thought of this video, and if you'd be interested in seeing more Android content alongside the existing iOS/macOS content.

Thanks for watching,
~ bellis1000
https://zygosec.com

References
https://projectzero.google/2026/05/pixel-10-exploit.html
https://project-zero.issues.chromium.org/issues/463438263