CVE-2025-0073: CWE-416 Use After Free in Arm Ltd Valhall GPU Kernel Driver

Severity: High
Tags: Vulnerability, CVE-2025-0073, cve, cve-2025-0073, cwe-416
Published: Mon Jun 02 2025 (06/02/2025, 11:04:17 UTC)
Source: CVE Database V5
Vendor/Project: Arm Ltd
Product: Valhall GPU Kernel Driver

Description

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r53p0 before r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 before r54p0.

AI-Powered Analysis

Last updated: 07/11/2025, 08:16:17 UTC

Technical Analysis

CVE-2025-0073 is a high-severity Use After Free (UAF) vulnerability identified in the Arm Ltd Valhall GPU Kernel Driver, specifically affecting the Arm 5th Generation GPU Architecture Kernel Driver versions from r53p0 up to but not including r54p0. This vulnerability arises due to improper handling of GPU memory operations by a local, non-privileged user process, which can access memory that has already been freed. The flaw is categorized under CWE-416, indicating that the kernel driver fails to properly manage the lifecycle of allocated memory, leading to potential use of dangling pointers. Exploiting this vulnerability could allow an attacker with local access to execute arbitrary code with elevated privileges, compromise system integrity, and cause denial of service by corrupting kernel memory. The CVSS v3.1 base score of 7.8 reflects the significant impact on confidentiality, integrity, and availability, with low attack complexity and requiring only limited privileges but no user interaction. Although no known exploits are currently reported in the wild, the vulnerability's nature and the critical role of GPU drivers in modern computing environments make it a serious concern. The lack of available patches at the time of publication underscores the urgency for affected organizations to monitor for updates and implement interim mitigations. This vulnerability is particularly relevant for systems using Arm's Valhall GPU architecture, commonly found in embedded devices, mobile platforms, and increasingly in edge computing and server environments leveraging Arm-based processors.

Potential Impact

For European organizations, the impact of CVE-2025-0073 can be substantial, especially those relying on Arm-based hardware with Valhall GPU architecture in their infrastructure. The vulnerability allows local attackers to escalate privileges and potentially execute arbitrary code within the kernel context, threatening the confidentiality and integrity of sensitive data and critical applications. This can lead to unauthorized data access, system compromise, and service disruptions. Industries such as telecommunications, automotive, industrial control systems, and IoT deployments, which increasingly adopt Arm-based solutions, may face heightened risks. Additionally, sectors handling sensitive personal data under GDPR regulations could suffer compliance violations if breaches occur due to exploitation. The vulnerability's exploitation could also facilitate lateral movement within networks, undermining overall organizational security posture. Given the growing adoption of Arm architectures in European data centers and edge computing, the threat extends beyond consumer devices to enterprise and critical infrastructure environments.

Mitigation Recommendations

To mitigate CVE-2025-0073 effectively, European organizations should:

1) Immediately inventory and identify all systems utilizing the affected Valhall GPU Kernel Driver versions (r53p0 to before r54p0).
2) Monitor Arm Ltd's official channels for the release of security patches or updated driver versions and prioritize timely deployment once available.
3) Implement strict access controls to limit local user privileges, reducing the risk of exploitation by non-privileged users.
4) Employ kernel-level exploit mitigation techniques such as Kernel Address Space Layout Randomization (KASLR) and Kernel Page-Table Isolation (KPTI) where supported to increase exploitation difficulty.
5) Use application whitelisting and endpoint detection and response (EDR) solutions to detect anomalous behavior indicative of exploitation attempts.
6) For environments where patching is delayed, consider isolating vulnerable systems or restricting access to trusted users only.
7) Conduct regular security audits and penetration testing focusing on GPU driver vulnerabilities and privilege escalation paths.
8) Educate system administrators and security teams about the specific risks associated with GPU driver vulnerabilities to enhance incident response readiness.
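For the inventory step, a triage helper that classifies collected driver release strings against the affected range stated in the description. This is an added example, not code from Arm or from this database; the host names and inventory values are constructed, tolerating a build suffix after the `r<major>p<minor>` part is an assumption, and how the release strings are collected from each device is outside its scope.

```python
import re

# Affected range as stated on this page: from r53p0, before r54p0
# (Valhall and Arm 5th Gen GPU Architecture kernel drivers alike).
AFFECTED_FROM = (53, 0)
FIXED_IN = (54, 0)

# Release strings have the form r<major>p<minor>. Accepting a trailing
# build suffix such as "-01eac0" is an assumption of this example.
_RELEASE = re.compile(r"^r(\d+)p(\d+)(?:-[0-9a-z]+)?$", re.IGNORECASE)


def parse_release(text):
    """Return (major, minor) for an r<major>p<minor> string, or None."""
    m = _RELEASE.match(text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(release):
    """Classify one driver release string against the affected range."""
    parsed = parse_release(release)
    if parsed is None:
        return "unknown"  # unparseable: send to manual review, never "ok"
    return "affected" if AFFECTED_FROM <= parsed < FIXED_IN else "not-affected"


def triage(inventory):
    """Map host -> status for an inventory of host -> driver release."""
    return {host: classify(rel) for host, rel in inventory.items()}


# Constructed sample inventory (hypothetical host names and values).
SAMPLE = {
    "edge-gw-01": "r53p0",
    "edge-gw-02": "r53p0-01eac0",
    "kiosk-07": "r52p0",
    "tablet-12": "r54p0",
    "hmi-03": "r9p0",        # compared numerically: 9 < 53
    "unknown-box": "v1.2",   # not a release string
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {SAMPLE[host]:14} {status}")
```

Comparing the parsed numbers rather than the raw strings matters here: a plain string comparison would sort `r9p0` after `r53p0` and misreport it.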

Technical Details

Data Version: 5.1
Assigner Short Name: Arm
Date Reserved: 2024-12-13T13:29:39.367Z
Cvss Version: null
State: PUBLISHED

Threat ID: 683d94ca182aa0cae242798b

Added to database: 6/2/2025, 12:10:50 PM

Last enriched: 7/11/2025, 8:16:17 AM

Last updated: 8/14/2025, 1:49:57 PM
