CVE-2025-0073

7.8 HIGH

📋 TL;DR

A Use After Free vulnerability in Arm's Valhall and 5th Gen GPU kernel drivers allows a local non-privileged user to access freed memory through improper GPU memory processing. This affects devices using these GPU drivers from version r53p0 up to but not including r54p0. Attackers could potentially escalate privileges or cause system instability.

💻 Affected Systems

Products:
  • Arm Ltd Valhall GPU Kernel Driver
  • Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver
Versions: from r53p0 up to but not including r54p0
Operating Systems: Android, Linux distributions with affected Arm GPU drivers
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using Arm Mali GPUs with the specified driver versions. Mobile devices, embedded systems, and some servers may be impacted.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to kernel-level access, allowing complete system compromise, data theft, or persistent malware installation.
🟠 Likely Case: Local privilege escalation enabling unauthorized access to system resources, potential denial of service through system crashes, or information disclosure.
🟢 If Mitigated: Limited impact with proper access controls, but still risk of system instability or information leakage from freed memory.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring user access to the system.
🏢 Internal Only: HIGH - Local users or compromised accounts could exploit this to gain elevated privileges on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of GPU memory operations. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: r54p0

Vendor Advisory: https://developer.arm.com/documentation/110466/latest/

Restart Required: Yes

Instructions:

1. Check current GPU driver version.
2. Update to r54p0 or later.
3. For Android devices, wait for OEM security updates.
4. For Linux systems, update kernel or GPU driver packages.
5. Reboot system after update.

🔧 Temporary Workarounds

Restrict local user access (all platforms)

Limit non-privileged user accounts on affected systems to reduce attack surface.

Disable unnecessary GPU features (Linux)

Reduce GPU functionality to minimize attack vectors if possible.

🧯 If You Can't Patch

  • Implement strict access controls and limit local user privileges
  • Monitor systems for unusual GPU-related activity or privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check GPU driver version via 'cat /sys/class/misc/mali0/device/driver/version' or similar system-specific commands

Check Version:

cat /sys/class/misc/mali0/device/driver/version 2>/dev/null || echo 'Check system-specific GPU driver documentation'

Verify Fix Applied:

Verify driver version is r54p0 or later using the same version check command
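
The version comparison from the checks above, as an added shell example (not from the vendor advisory or this page's source). It assumes the driver reports a release token of the form rNNpM somewhere in the version string; the function names are hypothetical and the sample strings are constructed.

```shell
#!/bin/sh
# Added example: classify an Arm Mali kernel driver version string against the
# affected range stated on this page (r53p0 up to but not including r54p0).
# Assumption: the string contains a release token of the form r<NN>p<M>.

# Hypothetical helper; prints vulnerable, fixed, below-affected-range or unknown.
mali_cve_2025_0073_status() {
    # Pull the first rNNpM token out of whatever text surrounds it.
    token=$(printf '%s\n' "$1" | grep -Eo 'r[0-9]+p[0-9]+' | head -n 1)
    if [ -z "$token" ]; then
        echo unknown
        return 0
    fi
    major=${token#r}
    major=${major%%p*}
    # r53p0 <= version < r54p0: every r53 patch level falls inside the range.
    if [ "$major" -eq 53 ]; then
        echo vulnerable
    elif [ "$major" -ge 54 ]; then
        echo fixed
    else
        echo below-affected-range
    fi
}

# Path taken from the page; it may differ or be absent on a given device.
VERSION_FILE=/sys/class/misc/mali0/device/driver/version

# Hypothetical wrapper: classify the local driver, or report unknown.
check_local_driver() {
    if [ -r "$VERSION_FILE" ]; then
        mali_cve_2025_0073_status "$(cat "$VERSION_FILE")"
    else
        echo unknown
    fi
}

# Constructed sample strings (not real device output).
for s in 'r53p0' 'mali r53p1-01eac0' 'r54p0' 'r52p0' 'no version here'; do
    printf '%-20s -> %s\n' "$s" "$(mali_cve_2025_0073_status "$s")"
done
echo "local driver: $(check_local_driver)"
```

An "unknown" result means the version could not be read from that path, not that the device is unaffected; fall back to the OEM or distribution package version in that case.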

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic or oops messages related to GPU/mali driver
  • Unusual privilege escalation attempts
  • Failed GPU memory operations in system logs

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("mali" OR "GPU" OR "use-after-free") AND severity>=medium
