CVE-2025-3212
📋 TL;DR
A Use After Free vulnerability in Arm GPU kernel drivers allows local non-privileged users to access freed memory through GPU operations. This affects Bifrost, Valhall, and Arm 5th Gen GPU drivers across multiple versions. Attackers could potentially escalate privileges or cause system instability.
💻 Affected Systems
- Arm Ltd Bifrost GPU Kernel Driver
- Arm Ltd Valhall GPU Kernel Driver
- Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver
📦 What is this software?
5th Gen Gpu Architecture Kernel Driver by Arm
View all CVEs affecting 5th Gen Gpu Architecture Kernel Driver →
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise, kernel memory corruption, or denial of service.
Likely Case
Local privilege escalation allowing attackers to gain elevated permissions on the affected system.
If Mitigated
Limited impact if proper access controls restrict local user access and privilege escalation is prevented.
🎯 Exploit Status
Requires local access and knowledge of GPU memory operations. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after the affected ranges: Bifrost > r51p0, Valhall > r54p0, Arm 5th Gen > r54p0
Vendor Advisory: https://developer.arm.com/documentation/110627/latest
Restart Required: No
Instructions:
1. Check current GPU driver version. 2. Update to patched driver version from Arm or device manufacturer. 3. Apply kernel updates if provided by OS vendor. 4. Verify driver version after update.
🔧 Temporary Workarounds
Restrict local user access
allLimit local user accounts and implement strict access controls to reduce attack surface.
Disable unnecessary GPU features
allDisable GPU acceleration for non-essential applications if possible.
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges
- Monitor for unusual GPU memory operations or privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check GPU driver version via 'cat /sys/class/misc/mali0/device/driver/version' or similar device-specific commandsCheck Version:
cat /sys/class/misc/mali0/device/driver/version 2>/dev/null || echo 'Check device-specific documentation'Verify Fix Applied:
Verify driver version is outside affected ranges after update📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing memory corruption, GPU driver crashes, or privilege escalation attempts
Network Indicators:
- None - local exploit only
SIEM Query:
Search for kernel logs containing 'mali', 'GPU', 'use-after-free', or privilege escalation events from non-privileged users