Overview
CVE-2025-6349 is a critical use-after-free (UAF) vulnerability affecting the Arm Ltd Valhall GPU Kernel Driver and the Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver. The flaw allows a local, non-privileged user process to access memory that has already been freed by performing improper GPU memory processing operations. It is present in versions r53p0 through r54p1 of both the Valhall and 5th Gen GPU Kernel Drivers.
Technical Details
The vulnerability stems from improper handling of GPU memory resources after they have been freed. Specifically, a race condition or missing synchronization allows a user-mode process to continue accessing memory that has already been released back to the kernel. This can lead to a number of security issues, including:
- Information Leakage: Reading sensitive data from the freed memory.
- Code Execution: Overwriting the freed memory with malicious data and potentially executing arbitrary code with kernel privileges.
- Denial of Service: Crashing the system due to memory corruption.
CVSS Analysis
Currently, the CVSS score and severity are marked as N/A. However, given the nature of a use-after-free vulnerability in a kernel driver, especially one that can be triggered by a non-privileged user, this vulnerability is likely to be assessed as HIGH or CRITICAL once a CVSS score is assigned.
A high CVSS score is anticipated because the impact of successful exploitation could be severe, leading to complete system compromise.
Possible Impact
The potential impact of CVE-2025-6349 is significant. Successful exploitation could allow a malicious actor to:
- Gain root privileges on the affected system.
- Steal sensitive data.
- Install malware.
- Completely compromise the system and use it as a launchpad for further attacks.
Even a simple denial-of-service condition could disrupt critical services relying on the affected system.
Mitigation and Patch Steps
The primary mitigation step is to apply the security patch provided by Arm. Contact your device manufacturer or operating system vendor to obtain the updated drivers. It is highly recommended to apply the patch as soon as possible to mitigate the risk of exploitation.
Until a patch is available, consider the following (less effective) temporary mitigations:
- Monitor system logs for unusual GPU activity.
- Restrict user access to GPU resources where possible. This is often impractical but may be necessary in high-security environments.
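The two checks an administrator needs for this advisory are "is the installed driver inside r53p0 through r54p1?" and "which local users can open the GPU device node at all?". The script below is an added example, not code from Arm or from this advisory. It assumes the driver release string uses Arm's rNNpM form as quoted above, that you obtain that string from your vendor's driver package or release notes, and that the kbase device node is /dev/mali0 (adjust the path for your platform).

```python
import os
import re
import stat
from typing import Optional, Tuple

# Affected driver releases from the advisory: r53p0 through r54p1, inclusive.
AFFECTED_MIN: Tuple[int, int] = (53, 0)
AFFECTED_MAX: Tuple[int, int] = (54, 1)

# Arm GPU kernel driver releases are written r<release>p<patch>, e.g. r54p1.
_VERSION_RE = re.compile(r"^r(\d+)p(\d+)$")


def parse_driver_version(text: str) -> Optional[Tuple[int, int]]:
    """Parse 'r54p1' into (54, 1); return None if the string is not in that form."""
    match = _VERSION_RE.match(text.strip().lower())
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2))


def is_affected(version_text: str) -> bool:
    """True if the release falls inside the range the advisory lists as vulnerable.

    Tuple comparison orders by release number first, then patch level, so
    r53p10 correctly sorts after r53p2.
    """
    version = parse_driver_version(version_text)
    if version is None:
        raise ValueError(f"unrecognised driver version string: {version_text!r}")
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def others_can_access(mode: int) -> bool:
    """True if the 'other' class has read or write permission on a device node.

    A UAF reachable from a non-privileged process is only exposed to users who
    can open the GPU device node, so tightening its mode narrows the set of
    local principals able to reach the flawed code path.
    """
    return bool(mode & (stat.S_IROTH | stat.S_IWOTH))


def describe_device_node(path: str = "/dev/mali0") -> str:
    """Report the permission posture of the GPU device node.

    The path /dev/mali0 is an assumption (the usual node name for the Arm
    kbase driver); adjust it for your platform.
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return f"{path}: not present (driver not loaded, or a different node name)"
    if not stat.S_ISCHR(st.st_mode):
        return f"{path}: exists but is not a character device"
    perm = stat.S_IMODE(st.st_mode)
    posture = "world-accessible" if others_can_access(perm) else "restricted to owner/group"
    return f"{path}: mode {perm:04o}, {posture}"


def triage(version_text: str, device_path: str = "/dev/mali0") -> str:
    """Combine both checks into one triage line for an asset inventory."""
    status = "AFFECTED" if is_affected(version_text) else "not in affected range"
    return f"driver {version_text}: {status}; {describe_device_node(device_path)}"


if __name__ == "__main__":
    # Constructed sample version strings; on a real host use the version
    # reported by your vendor's driver package.
    for sample in ("r52p1", "r53p0", "r54p1", "r54p2"):
        print(triage(sample))
```

Run it on each host in the fleet and record the triage line alongside the host name. A restricted device-node mode only limits which local users can reach the driver; it does not remove the use-after-free, so hosts reporting AFFECTED still need the vendor patch.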