
Sandboxing?

Posted Jan 17, 2026 15:32 UTC (Sat) by paulj (subscriber, #341)
In reply to: Sandboxing? by josh
Parent article: A 0-click exploit chain for the Pixel 9 (Project Zero)

The decoder _is_ running in a sandbox. They used the decoder bug to then deliver /another/ exploit for the kernel driver for the "BigWave" hardware AV1 decoder - which is accessible from the 'mediacodec' sandbox used for decoding media (though it doesn't seem like this driver was necessary for the /particular/ decoder involved in the initial attack). They quickly found 3 different exploitable bugs in said driver, so... spoiled for choice there.

So, exploit the sandboxed media decoder to deliver the exploit for the hardware decoder acceleration driver -> code execution in kernel -> game over.



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds