PT-2025-50714 · Google · Google Chrome
Published: 2025-12-11 · Updated: 2026-01-17
CVE-2025-36934
CVSS v3.1: 7.4 (High)
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Google (affected versions not specified)
Description
The issue is a use-after-free condition stemming from a race condition in the bigo worker thread function located in private/google-modules/video/gchips/bigo.c. This can result in local privilege escalation without requiring additional execution privileges or user interaction. The vulnerability was discovered in the BigWave driver. It can be exploited by using specially crafted MP4 files to achieve arbitrary code execution in the mediacodec context and then chaining to this vulnerability for kernel privilege escalation.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Use After Free
Race Condition
Related Identifiers
Affected Products
Google Chrome