
CVE-2025-0072: CWE-416 Use After Free in Arm Ltd Valhall GPU Kernel Driver

High
Published: Fri May 02 2025 (05/02/2025, 09:54:20 UTC)
Source: CVE
Vendor/Project: Arm Ltd
Product: Valhall GPU Kernel Driver

Description

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.

AI-Powered Analysis

Last updated: 07/12/2025, 03:48:15 UTC

Technical Analysis

CVE-2025-0072 is a Use After Free (UAF) vulnerability in the Arm Ltd Valhall GPU Kernel Driver and the Arm 5th Gen GPU Architecture Kernel Driver. It arises from improper handling of GPU memory operations: a local non-privileged user process can access memory that has already been freed. Affected versions are r29p0 through r49p3 and r50p0 through r53p0 for the Valhall GPU Kernel Driver, and r41p0 through r49p3 and r50p0 through r53p0 for the Arm 5th Gen GPU Architecture Kernel Driver. The vulnerability is classified under CWE-416 (Use After Free), a class of flaw that can lead to arbitrary code execution or privilege escalation.

The CVSS v3.1 base score is 7.8, reflecting a high severity level. The attack vector is local (AV:L), with low attack complexity (AC:L), low privileges required (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). An attacker with local access but limited privileges could therefore exploit this flaw to gain unauthorized access to sensitive data, modify system integrity, or disrupt system availability.

No known exploits are currently reported in the wild, and no patches or fixes have been linked yet. The vulnerability is significant because GPU drivers operate at the kernel level and have direct access to hardware resources, so exploitation can affect both system stability and security.

Potential Impact

For European organizations, the impact of this vulnerability could be substantial, especially for those relying on devices or systems incorporating Arm 5th Gen GPUs, such as mobile devices, embedded systems, or specialized computing platforms. Successful exploitation could allow local attackers to escalate privileges, bypass security controls, or execute arbitrary code within the kernel context, leading to data breaches, system compromise, or denial of service. This is particularly critical for sectors with stringent data protection requirements, such as finance, healthcare, and critical infrastructure, where confidentiality and integrity are paramount. The local attack vector means that attackers would need some form of access to the device, which could be achieved through compromised user accounts or malicious insiders. Given the high impact on confidentiality, integrity, and availability, organizations could face regulatory consequences under GDPR if personal data is exposed or systems are disrupted. Additionally, the lack of current patches increases the window of exposure, necessitating immediate risk mitigation.

Mitigation Recommendations

To mitigate this vulnerability effectively, European organizations should:

1) Identify and inventory all devices and systems using Arm 5th Gen GPUs with the affected driver versions to understand exposure.
2) Restrict local access to trusted users only, employing strict access controls and monitoring for unusual local activity.
3) Implement application whitelisting and endpoint detection and response (EDR) solutions to detect and prevent exploitation attempts.
4) Employ kernel-level integrity monitoring to detect anomalous behavior related to GPU driver operations.
5) Engage with Arm Ltd and device vendors to obtain and deploy patches or firmware updates as soon as they become available.
6) Consider temporary mitigations such as disabling GPU acceleration features in high-risk environments if feasible.
7) Conduct user awareness training to reduce the risk of local compromise that could lead to exploitation.
8) Monitor security advisories and threat intelligence feeds for any emerging exploit information or updated mitigation guidance.
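One way to carry out the inventory step above, as an added example (not code from Arm or from this page's source): it checks collected driver release strings against the affected ranges listed in the description. The product keys `valhall` and `5th-gen`, the inventory row layout, the host names, and the tolerated `-suffix` after the release are assumptions.

```python
import re

# Affected release ranges (inclusive), copied from the CVE description on this page.
AFFECTED = {
    "valhall": [("r29p0", "r49p3"), ("r50p0", "r53p0")],
    "5th-gen": [("r41p0", "r49p3"), ("r50p0", "r53p0")],
}
# Assumption: releases look like rNpM, optionally followed by a "-suffix" build tag.
_RELEASE = re.compile(r"r(\d+)p(\d+)(?:-\S+)?")

def parse_release(text):
    """Return (major, patch) for an 'rNpM' release string, or None if unparseable."""
    m = _RELEASE.fullmatch(text.strip().lower())
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_affected(product, release):
    """True/False for a parseable release of a known product, else None."""
    ver = parse_release(release)
    ranges = AFFECTED.get(product)
    if ver is None or ranges is None:
        return None
    return any(parse_release(lo) <= ver <= parse_release(hi) for lo, hi in ranges)

def triage(inventory):
    """Label each (host, product, release) row; unparseable rows need manual review."""
    labels = {True: "affected", False: "outside-listed-ranges", None: "unknown"}
    return {host: labels[is_affected(product, release)]
            for host, product, release in inventory}

# Constructed inventory rows (host names and releases are sample data).
SAMPLE = [
    ("tablet-01", "valhall", "r29p0"),
    ("tablet-02", "valhall", "r28p0"),
    ("kiosk-07", "5th-gen", "r40p0"),
    ("kiosk-08", "5th-gen", "r53p0"),
    ("phone-11", "valhall", "r54p0"),
    ("phone-12", "valhall", "unknown-build"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as `unknown` should be resolved by hand rather than treated as safe, since an unreadable release string says nothing about exposure.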


Technical Details

Data Version: 5.1
Assigner Short Name: Arm
Date Reserved: 2024-12-13T13:18:00.462Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9816c4522896dcbd6ba0

Added to database: 5/21/2025, 9:08:38 AM

Last enriched: 7/12/2025, 3:48:15 AM

Last updated: 8/7/2025, 9:04:10 AM
