CVE-2025-0015
Published: 03 February 2025
Description
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.
Security Summary
CVE-2025-0015 is a Use After Free vulnerability (CWE-416) in the Arm Ltd Valhall GPU Kernel Driver and Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver. It enables a local non-privileged user process to perform improper GPU processing operations, resulting in access to already freed memory. The issue affects Valhall GPU Kernel Driver versions from r48p0 through r49p1 and from r50p0 through r52p0, as well as Arm 5th Gen GPU Architecture Kernel Driver versions from r48p0 through r49p1 and from r50p0 through r52p0. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-02-03.
A local attacker with low privileges (PR:L) can exploit this vulnerability without user interaction (UI:N) by submitting malicious GPU workloads through a non-privileged user process. Successful exploitation grants access to freed kernel memory, potentially allowing arbitrary code execution, data corruption, or system crashes, with high impact on confidentiality, integrity, and availability. The attack vector is local (AV:L).
Mitigation details are available in the Arm Security Center advisory on Mali GPU Driver Vulnerabilities at https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities.
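For inventory triage against the affected ranges listed above, the following is an added example (not code from Arm or from this advisory) that sorts devices by reported driver version. It assumes versions are reported as rNpM with an optional build suffix; the device names and the sample inventory are constructed, and versions outside the two listed ranges are treated as not affected because the advisory does not list them.

```python
import re

# Affected ranges as stated in the advisory text (inclusive on both ends).
# The same ranges apply to both the Valhall and the Arm 5th Gen drivers.
AFFECTED_RANGES = [((48, 0), (49, 1)), ((50, 0), (52, 0))]

# Assumption: versions look like "r49p1", optionally followed by a build
# suffix such as "-01eac0"; anything else is treated as unparseable.
_VERSION_RE = re.compile(r"^r(\d+)p(\d+)(?:-[0-9a-z]+)?$")


def parse_version(text):
    """Return (release, patch) as ints, or None if the string is not rNpM."""
    m = _VERSION_RE.match(text.strip().lower())
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_affected(text):
    """True/False for a parseable version, None when it cannot be parsed."""
    v = parse_version(text)
    if v is None:
        return None
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Split {host: version} into affected, not affected and needs-review."""
    result = {"affected": [], "not_affected": [], "review": []}
    for host, version in sorted(inventory.items()):
        verdict = is_affected(version)
        key = "review" if verdict is None else ("affected" if verdict else "not_affected")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical device names and versions).
SAMPLE = {
    "tablet-01": "r47p0",
    "phone-02": "r48p0",
    "phone-03": "r49p1-01eac0",
    "kiosk-04": "r52p0",
    "kiosk-05": "r53p0",
    "board-06": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Devices in the review bucket reported a version string the parser could not read and need a manual check before they are counted as unaffected.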
Details
- CWE(s)