Use After Free Vulnerability in Arm Ltd Valhall GPU Kernel Driver
CVE-2025-0072

7.8HIGH

Key Information:

Vendor: Arm Ltd
Status: Valhall Gpu Kernel Driver; Arm 5th Gen Gpu Architecture Kernel Driver
Vendor: CVE Published:; 2 May 2025

Badges

📈 Trended📈 Score: 1,240👾 Exploit Exists📰 News Worthy

What is CVE-2025-0072?

CVE-2025-0072 is a security vulnerability categorized as a Use After Free flaw within the Valhall GPU Kernel Driver developed by Arm Ltd. This driver supports the Arm 5th Generation GPU architecture, which is integral for processing graphical tasks on systems utilizing Arm hardware. The vulnerability enables a local non-privileged user process to exploit improper memory handling, allowing access to memory that has already been deallocated. This can lead to unpredictable behavior, system instability, or unauthorized access to sensitive information, posing significant risks for organizations relying on Arm-based graphics processing.

The affected versions of the Valhall GPU Kernel Driver include releases from r29p0 to r49p3 and r50p0 to r53p0. The consequences of this vulnerability could escalate if an attacker uses it to manipulate system resources or extract confidential data, emphasizing the need for swift remediation to protect systems against potential exploitation.

Potential impact of CVE-2025-0072

Unauthorized Access: Attackers could gain access to freed memory spaces, potentially retrieving confidential data or sensitive information that could compromise organizational security.
System Instability: By exploiting this vulnerability, malicious actors might induce system crashes or unexpected behavior, affecting productivity and reliability of systems that depend on the GPU driver for operation.
Increased Attack Surface: The presence of this vulnerability could provide a foothold for further exploits, as attackers may leverage manipulated memory to execute additional malicious code, increasing the overall risk to the organization's IT infrastructure.