Google has integrated a Rust-based DNS parser into Pixel modem firmware to reduce memory-safety vulnerabilities and harden the cellular baseband, starting with the Pixel 10. The implementation adapts the hickory-proto crate for embedded use, uses cargo-gnaw to manage dependencies, and complements prior mitigations to address issues like CVE-2024-27227. #Pixel10 #CVE-2024-27227
Keypoints
- Google integrated a Rust-based DNS parser into Pixel modem firmware to improve memory safety.
- The change targets classes of vulnerabilities that enable remote code execution in baseband components.
- Google adapted the hickory-proto crate for bare-metal and embedded environments and uses cargo-gnaw to resolve 30+ dependencies.
- This effort builds on previous defenses such as IntSan and BoundSan to reduce memory-safety bugs across Android and firmware.
- The DNS parser exposes a C API with a Rust implementation that returns error codes and reuses existing C functions for in-memory updates.
Read More: https://thehackernews.com/2026/04/google-adds-rust-based-dns-parser-into.html