Back to Blog
Mobile Security

Pixel 9 0-Click Exploit Chain: Dolby Codec Bug Meets AI Transcription

Google Project Zero chained an integer overflow in Dolby's audio decoder with a kernel driver flaw to get zero-click code execution on a Pixel 9 — reached through the auto-transcription feature in Google Messages.

PyramidLedger Research4 min read
Share

Key Takeaways

  • Google Project Zero chained an integer-overflow bug in Dolby's Unified Decoder (CVE-2025-54957) with a Linux kernel driver flaw (CVE-2025-36934) to achieve 0-click code execution on a Pixel 9.
  • The entry point wasn't a malicious app or a tapped link — it was Google Messages automatically decoding incoming SMS/RCS audio attachments to power on-device transcription, no user interaction required.
  • Dolby's Unified Decoder is licensed into many Android OEM media stacks, not just Pixel, so the exposure was broader than one device line; fixes shipped in Android's January 2026 security update.
  • Samsung's S24 blocked the kernel escalation step with a stricter seccomp filter on its codec sandbox, while Pixel 9 did not — a concrete example of sandboxing depth changing exploit outcomes even when the same codec bug is present.

AI transcription put audio codecs back in the 0-click blast radius

Google Messages now automatically decodes incoming SMS and RCS audio attachments so it can transcribe and search them on-device — before the recipient ever opens the message. That auto-decode step is exactly the kind of "message arrives, code runs" primitive that defined the Stagefright era of Android media-parsing bugs. Google Project Zero's Natalie Silvanovich just demonstrated that this class of attack surface didn't go away — it moved into the codecs that AI features now invoke automatically.

The bug: an integer overflow in Dolby's Unified Decoder

CVE-2025-54957 lives in Dolby's Unified Decoder (UDC), the audio codec many Android OEMs — and some Windows systems — license for Dolby Digital Plus playback. While parsing the Extensible Metadata Delivery Format (EMDF) block inside a DD+ file, an allocation-size calculation can wrap around on 64-bit systems, producing an undersized buffer. The subsequent write loop still uses the original, larger payload length, corrupting heap memory — a classic out-of-bounds write caused by an unchecked integer overflow. Silvanovich and Ivan Fratric reported it to Dolby; Project Zero calls it likely present "in the 0-click attack surface of most Android devices in use today."

From a corrupted heap to a Pixel 9 kernel

Project Zero got 0-click code execution inside the sandboxed mediacodec process on a Pixel 9 running Android 16. To turn that into something more useful, they chained it with a second bug, CVE-2025-36934 — a flaw in the BigWave kernel driver, reachable from the codec sandbox, that let them overwrite kernel structures via a crafted ioctl call and escalate to kernel-level read/write. Seth Jenkins found that driver bug after less than a day reviewing it. Notably, the escalation only worked because Pixel 9's codec sandbox lacked a restrictive seccomp filter blocking access to that driver — Samsung's S24 applied one and was not vulnerable to this specific escalation path, even though the underlying Dolby bug affected it too.

Why this reaches beyond one phone

Dolby's UDC isn't Pixel-specific: it's embedded across many Android OEM media stacks and in Windows systems running affected UDC versions. Both vulnerabilities were reported to their respective vendors in June 2025, and fixes shipped in Android's January 2026 security update (the BigWave driver fix landed January 6, 2026). Devices running an older patch level, or an OEM build that hasn't backported the fix, remain exposed to the same 0-click chain.

What this means for security teams

  • Patch to the January 2026 or later Android security level across the fleet, and confirm OEM/carrier builds actually backported CVE-2025-54957 and CVE-2025-36934 rather than just bumping a version string.
  • Track Dolby UDC exposure outside Android too — Windows hosts running affected UDC builds fall under the same advisory.
  • Treat sandbox depth as a real mitigation layer, not boilerplate: the Samsung S24 case shows a tighter seccomp policy on the codec process stopped the kernel-escalation half of this chain outright.
  • Model "AI convenience" features — auto-transcription, auto-summarization, on-device search — as attack-surface decisions. Anything that decodes untrusted media before a user interacts with it is a candidate 0-click entry point and belongs in your mobile threat model and fuzzing scope.

Frequently asked questions

Frequently Asked Questions

What is CVE-2025-54957?

An integer overflow in Dolby's Unified Decoder that produces an out-of-bounds heap write when the codec parses EMDF metadata in a Dolby Digital Plus audio file. Google Project Zero reported it and Android shipped a fix in the January 2026 security update.

Do I need to open or tap anything to be affected?

No. Google Messages automatically decodes incoming SMS/RCS audio attachments for on-device transcription, so the vulnerable codec runs before the user interacts with the message — that's what makes this a 0-click bug.

Is this only a Pixel 9 problem?

No. Project Zero used the Pixel 9 as its demonstration target, but Dolby's Unified Decoder is licensed into many Android OEM media stacks and into Windows systems running affected UDC versions, so exposure isn't limited to Google's own hardware.

Sources

  1. 1A 0-click exploit chain for the Pixel 9 Part 1: Decoding DolbyGoogle Project Zero
  2. 2Vulnerability in Dolby Decoder Can Allow Zero-Click AttacksSecurityWeek
  3. 3Zero-click Dolby audio bug lets attackers run code on Android and Windows devicesMalwarebytes
  4. 4CVE-2025-54957 DetailNVD
Share

Read next