by gruez 544 days ago
All of the issues you described are specific to basebands, not all "chipsets and drivers", and this article is talking about exploits in DSPs, not basebands. Moreover, AFAIK the baseband (or more specifically the modem) is separated from the application processor on both iPhones and Pixels, so a baseband 0day allowing you to take over the entire phone is already unlikely.

> exploits in DSPs, not basebands

For what it's worth, the DSP this driver talks to is the same type of DSP used in Qualcomm basebands.

However, there's actually no strong relevance to DSPs at all here; it's just a broken DMA/ION-shared-memory driver that happens to be the one that talks to a DSP. There are lots of these in most Android board support packages.

> separated from the application processor on both iPhones and Pixels

Across an interface with drivers! Quite a few baseband drivers are exploitable from both sides of the interface.

> so a baseband 0day allowing you to take over the entire phone is already unlikely.

The baseband has to talk to the main SoC somehow, though, and wherever there are interfaces, there are drivers and associated bugs. And usually you get the baseband and main SoC from the same company, so same engineering culture. It's not as if shoddy development only happens on the baseband BSP side.

> All of the issues you described are specific to basebands, not all "chipsets and drivers", and this article is talking about exploits in DSPs, not basebands.

Power efficiency, patents and legal compliance crap also impact the main SoC/chipset side.
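A generic illustration of the bug class the reply above points at (a shared-memory driver that trusts a user-supplied region descriptor), added here as an example; it is not code from the thread, the article, or any real driver. The region size, the (offset, len) request shape and every function name are hypothetical. The buggy check computes `offset + len` in `size_t` and so wraps, letting an oversized request pass; the hardened check bounds each field and tests the sum without overflow.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical shared-memory region handed to user space (constructed for this
 * example; not any real driver's ION/dma-buf layout). */
#define SHM_SIZE 4096u
static uint8_t shm_region[SHM_SIZE];

/* Validation in the style of many BSP drivers: the sum is computed in size_t,
 * so a huge len wraps the addition and the request is accepted even though a
 * later memcpy would read far past the mapping. Returns true if accepted. */
static bool shm_check_buggy(size_t offset, size_t len)
{
    return offset + len <= SHM_SIZE;   /* wraps when offset + len > SIZE_MAX */
}

/* Hardened validation: bound each field on its own, then compare len against
 * the remaining space so no addition can overflow. */
static bool shm_check_safe(size_t offset, size_t len)
{
    if (offset > SHM_SIZE || len > SHM_SIZE)
        return false;
    return len <= SHM_SIZE - offset;
}

/* Copy the requested slice of the shared region into dst (which holds dst_cap
 * bytes) after the hardened check. Returns bytes copied, or 0 when rejected. */
static size_t shm_copy_safe(size_t offset, size_t len, uint8_t *dst, size_t dst_cap)
{
    if (!shm_check_safe(offset, len) || len > dst_cap)
        return 0;
    memcpy(dst, shm_region + offset, len);
    return len;
}

int main(void)
{
    uint8_t dst[64];
    /* Constructed requests: one in bounds, one that wraps the buggy sum. */
    size_t wrap_off = SHM_SIZE - 8, wrap_len = SIZE_MAX - 4;

    printf("in-bounds   buggy=%d safe=%d copied=%zu\n",
           shm_check_buggy(16, 32), shm_check_safe(16, 32),
           shm_copy_safe(16, 32, dst, sizeof dst));
    printf("wrapped sum buggy=%d safe=%d copied=%zu\n",
           shm_check_buggy(wrap_off, wrap_len), shm_check_safe(wrap_off, wrap_len),
           shm_copy_safe(wrap_off, wrap_len, dst, sizeof dst));
    return 0;
}
```

In a real driver the descriptor arrives through `copy_from_user` and the region is a dma-buf or ION mapping shared with the DSP or modem, but the validation mistake is the same shape: an arithmetic check that can wrap, or a field that is never compared against the mapping size at all.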