Primary

Context

Google Pixel Devices Tracepoint IPC Memory Overwrite Vulnerability Allowing Local Privilege Escalation

Vulnerability

Patched

A vulnerability has been identified in the tracepoint message handler of the CPM component within the Google Pixel devices. This issue arises from improper input validation, leading to a potential memory overwrite. Exploitation of this vulnerability could allow for local escalation of privileges, with no additional execution privileges required. User interaction is not necessary for exploitation.

Impact

Exploitation of this vulnerability could result in unauthorized elevation of privileges, allowing a user to gain access to restricted functions or data.

Remediation

Users can update their devices to the December 2025 security patch level to address this vulnerability.

Added: Dec 11, 2025, 8:21 PM

Updated: Dec 11, 2025, 8:21 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

4.7

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

4.7

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Google Pixel Devices Tracepoint IPC Memory Overwrite Vulnerability Allowing Local Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

Google Pixel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating