CVE-2025-8045: Critical Use-After-Free Bug Plagues Arm Valhall and 5th Gen GPUs

Overview

CVE-2025-8045 is a use-after-free vulnerability discovered in the Arm Ltd Valhall GPU Kernel Driver and the Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver. The flaw allows a local, non-privileged user process to perform improper GPU processing operations that result in access to already freed memory. This can potentially lead to system instability, information disclosure, or even arbitrary code execution.

The affected versions are Valhall GPU Kernel Driver and Arm 5th Gen GPU Architecture Kernel Driver from r53p0 through r54p1.

Technical Details

A use-after-free vulnerability occurs when a program accesses memory that has already been freed. In the Arm GPU kernel drivers, this happens because of improper handling of GPU processing operations. A local, unprivileged user can craft specific GPU commands that, when processed by the driver, cause memory to be freed and then accessed again. The result is unpredictable behavior, because the freed memory may by then contain unrelated data.

The precise mechanism by which a non-privileged user can trigger this bug requires careful analysis of the GPU driver’s code. It likely involves a combination of carefully crafted GPU operations that interact with memory management routines in a way that the driver doesn’t anticipate.

CVSS Analysis

The CVSS score for this CVE is currently listed as N/A. This might be because the vulnerability’s impact and exploitability are still being assessed, or because Arm has chosen not to publish a CVSS score. Check the vendor advisory for a CVSS score as it becomes available.

However, the potential impact of a use-after-free vulnerability in a kernel driver is significant. It’s likely to be considered High or Critical once a score is assigned, given the potential for kernel-level access and the ability for a local user to trigger the issue.

Possible Impact

Exploitation of CVE-2025-8045 can have severe consequences:

  • Information Disclosure: Attackers could potentially read sensitive data stored in the freed memory.
  • Denial of Service (DoS): Triggering the vulnerability may cause the system to crash or become unstable.
  • Code Execution: In some scenarios, attackers might be able to leverage the use-after-free to execute arbitrary code with kernel privileges, gaining complete control over the system.
  • Privilege Escalation: Although a non-privileged user triggers it, the vulnerability occurs in the kernel, so successful exploitation elevates privileges to kernel level.

Mitigation or Patch Steps

The primary mitigation strategy is to update your Arm GPU Kernel Drivers to a version that is not affected by this vulnerability. This means updating to a version later than r54p1 for both Valhall and 5th Gen GPU architectures.

Follow these steps:

  1. Identify your GPU and driver version: Determine which Arm GPU you are using and its current driver version.
  2. Check for updates: Visit your device manufacturer’s website or use the device’s built-in update mechanism to check for available driver updates.
  3. Install the latest driver: Download and install the latest driver package. Ensure the updated version is later than r54p1.
  4. Verify the update: After installation, confirm that the driver has been successfully updated to the patched version.
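Steps 1 and 4 come down to comparing a reported driver release against the affected range. The following is an added example, not code from Arm or from this page's author: it parses rNpM release strings and triages a device inventory against r53p0 through r54p1. The device names, the sample strings, and the handling of a trailing build suffix are assumptions.

```python
import re

# Affected range as stated on this page: r53p0 through r54p1, inclusive.
AFFECTED_FIRST = (53, 0)
AFFECTED_LAST = (54, 1)

# Releases are named r<N>p<M>. Ignoring any trailing build suffix is an assumption.
_RELEASE = re.compile(r"\br(\d+)p(\d+)")


def parse_release(text):
    """Return (r, p) for the first rNpM token in text, or None if absent."""
    m = _RELEASE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(text):
    """Map a reported driver version string to a triage status."""
    rel = parse_release(text)
    if rel is None:
        return "unknown"            # no version recovered: needs manual check
    if rel < AFFECTED_FIRST:
        return "before-r53p0"       # outside the range this page lists
    if rel <= AFFECTED_LAST:
        return "affected"           # r53p0..r54p1: update required
    return "later-than-r54p1"       # what steps 3 and 4 ask you to confirm


def triage(inventory):
    """Group device names by status; inventory maps device -> version string."""
    groups = {}
    for device, reported in sorted(inventory.items()):
        groups.setdefault(classify(reported), []).append(device)
    return groups


# Constructed sample inventory (device names and strings are made up).
SAMPLE = {
    "tablet-01": "r52p0",
    "phone-07": "r53p0",
    "phone-12": "driver release r54p1-01eac0",
    "kiosk-03": "r54p2",
    "sbc-09": "version not reported",
}

if __name__ == "__main__":
    for status, devices in triage(SAMPLE).items():
        print(f"{status:18} {', '.join(devices)}")
```

Devices that land in "unknown" should be checked by hand rather than assumed patched.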

References

Arm Security Advisory
