What is the BigWave driver exploit on Pixel 9?

It's a use-after-free in the /dev/bigwave kernel driver, triggered by ioctl races, leading to sandbox escape and arbitrary kernel read/write from mediacodec context.

Does the Pixel 9 BigWave vulnerability affect real users?

Yes—if chained with a media decoder RCE like Dolby. Streaming malicious AV1? You're at risk for full compromise.

When did Google fix Pixel 9 BigWave bugs?

Patches landed January 5, 2026. Check your update status; not all Pixels roll out instantly.

🛡️ Security Tools

Pixel 9 Cracked Open: BigWave Driver's Triple Bug Sandbox Escape

Three bugs. Two hours. Pixel 9's BigWave driver hands attackers the keys to kernel town. Google's sandbox? Laughable.

Threat Digest Apr 03, 2026 3 min read 13 views

Diagram of Pixel 9 BigWave driver UAF exploit chain from mediacodec sandbox to kernel compromise

⚡ Key Takeaways

Three bugs in Pixel 9's BigWave driver enable mediacodec sandbox escape to kernel R/W in hours of auditing. 𝕏
UAF from ioctl timeout races lets attackers control hardware register writes via sprayed allocations. 𝕏
Google delayed fixes over a year on one dupe bug; echoes past Android driver woes, predicting more to come. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#BigWave driver #Pixel 9 exploit #kernel UAF #sandbox escape

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Google Project Zero

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Pixel 9's Silent Killer: 0-Click Exploits via Obscure Audio Codecs

Pixel 9's Dolby Decoder: The 0-Click Path Project Zero Just Paved Wide Open

Iran's April 1 Deadline Puts Apple, Google in Crosshairs

Chrome's Fifth Zero-Day Patch: Google Races Against Relentless Exploits

Stay in the loop