Listen to this Post
How the CVE Works:
CVE-2025-0073 is a Use-After-Free (UAF) vulnerability affecting Arm Ltd’s Valhall GPU Kernel Driver and 5th Gen GPU Architecture Kernel Driver. The flaw occurs when a local non-privileged user process manipulates GPU memory operations improperly, accessing freed memory. This happens due to insufficient cleanup of GPU memory references after deallocation, allowing attackers to exploit dangling pointers. The vulnerability affects driver versions from r53p0 before r54p0, enabling potential privilege escalation or arbitrary code execution in the kernel context.
DailyCVE Form:
Platform: Arm GPU Kernel Drivers
Version: r53p0 to r53pX
Vulnerability: Use-After-Free
Severity: Critical
Date: 06/02/2025
Prediction: Patch expected by 08/2025
What Undercode Say:
Analytics:
dmesg | grep "GPU memory fault" perf stat -e gpu_mem_ops -a
Exploit:
void trigger_uaf() {
map_gpu_mem();
free_gpu_mem();
access_freed_mem();
}
Protection from this CVE:
- Update to r54p0 or later.
- Restrict GPU driver permissions.
- Enable kernel memory sanitizers.
Impact:
- Kernel privilege escalation.
- Arbitrary code execution.
- System compromise.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
