Use After Free Vulnerability in Arm Ltd Bifrost and Valhall GPU Kernel Drivers
CVE-2025-0427

7.8HIGH

Key Information:

Vendor

Arm Ltd

Status
Bifrost Gpu Kernel Driver
Valhall Gpu Kernel Driver
Arm 5th Gen Gpu Architecture Kernel Driver
Vendor
CVE Published:
2 May 2025

What is CVE-2025-0427?

A vulnerability has been identified in the Arm Ltd Bifrost and Valhall GPU Kernel Drivers, where a local non-privileged user process can exploit use-after-free conditions. This allows unauthorized access to already freed memory, potentially affecting the stability and security of systems utilizing these drivers. The affected versions span multiple releases, highlighting a significant security concern that needs addressing. Users and administrators are encouraged to review their systems for impacted versions and apply recommended security updates.

Affected Version(s)

Arm 5th Gen GPU Architecture Kernel Driver r41p0

Arm 5th Gen GPU Architecture Kernel Driver r50p0

Bifrost GPU Kernel Driver r8p0

References

https://developer.arm.com/documentation/110465/latest/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-0427 : Use After Free Vulnerability in Arm Ltd Bifrost and Valhall GPU Kernel Drivers