CVE-2025-0819 in Bifrost GPU Kernel Driver
Summary
by MITRE • 06/02/2025
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r44p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r44p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r49p3, from r50p0 through r54p0.
Analysis
by VulDB Data Team • 06/03/2025
CVE-2025-0819 is a critical use-after-free condition in Arm Ltd's GPU kernel drivers for the Bifrost, Valhall and 5th Gen GPU architectures. The flaw lies in the kernel-level memory management code that handles GPU memory operations, and it opens a path to local privilege escalation through memory corruption. It is triggered when a user process performs otherwise valid GPU memory operations that cause the driver to reference memory it has already freed, which can lead to arbitrary code execution or system instability. The affected driver versions span several release cycles, from r44p0 through r54p0, so the exposure window is long and covers a wide range of hardware configurations.
The issue is classified as CWE-416 (Use After Free). Because the flaw sits in kernel-level GPU memory management, it is especially dangerous: a non-privileged local user can trigger it without any elevated permissions. The attack vector is a legitimate GPU memory processing operation that, when executed in a specific sequence, leaves the kernel driver holding a reference to memory that has been deallocated but not invalidated. During that window the freed memory can be repurposed by the attacker to inject malicious code or redirect execution flow, potentially leading to complete system compromise.
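The "deallocated but not invalidated" condition described above is easiest to see in miniature. The following is an added illustrative example, not code from the Arm driver or from VulDB: a constructed "region table" that stands in for a driver's allocation bookkeeping. The weak API hands out bare slot indices, so a handle kept after its slot is freed and reassigned still resolves to another owner's memory (the CWE-416 pattern). The hardened variant tags each handle with a per-slot generation counter and an owner id, so a stale handle is rejected at lookup time even though the slot was reused. All names (`weak_*`, `safe_*`, `demo_*`) and the table layout are this example's own.

```c
/* Added illustrative example (not Arm driver code): a toy region table showing
 * the CWE-416 pattern next to a generation-tagged, owner-checked hardening. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NSLOTS     4
#define SLOT_BYTES 64

struct region {
    int      in_use;
    uint16_t generation;          /* bumped on every free of this slot */
    uint32_t owner_pid;           /* constructed: "process" that owns the slot */
    unsigned char data[SLOT_BYTES];
};

static struct region table[NSLOTS];   /* constructed stand-in for a driver's allocation table */

/* ---- vulnerable API: a handle is a bare slot index, nothing ties it to a lifetime ---- */
static int weak_alloc(uint32_t pid)
{
    for (int i = 0; i < NSLOTS; i++) {
        if (!table[i].in_use) {
            table[i].in_use = 1;
            table[i].owner_pid = pid;
            memset(table[i].data, 0, SLOT_BYTES);
            return i;
        }
    }
    return -1;
}

static void weak_free(int h)
{
    table[h].in_use = 0;
    table[h].generation++;        /* recorded, but the weak lookup never checks it */
}

/* BUG (CWE-416 analogue): any in-range index resolves, even after the slot was
 * freed and handed to a different owner. */
static unsigned char *weak_lookup(int h)
{
    return (h >= 0 && h < NSLOTS) ? table[h].data : NULL;
}

/* ---- hardened API: handle = slot << 16 | generation, both checked on every lookup ---- */
typedef uint32_t tagged_handle;

static tagged_handle safe_alloc(uint32_t pid)
{
    int i = weak_alloc(pid);
    if (i < 0) return UINT32_MAX;
    return ((uint32_t)i << 16) | table[i].generation;
}

static unsigned char *safe_lookup(tagged_handle h, uint32_t pid)
{
    uint32_t slot = h >> 16;
    if (h == UINT32_MAX || slot >= NSLOTS || !table[slot].in_use) return NULL;
    if (table[slot].generation != (uint16_t)(h & 0xFFFF)) return NULL; /* stale handle */
    if (table[slot].owner_pid != pid) return NULL;                     /* wrong owner */
    return table[slot].data;
}

static void safe_free(tagged_handle h, uint32_t pid)
{
    if (safe_lookup(h, pid)) weak_free((int)(h >> 16));
}

/* Scenario: process 1 frees its region but keeps the handle; process 2's fresh
 * allocation lands in the same slot. Returns 1 if the stale handle now reads
 * process 2's data (the use-after-free), 0 otherwise. */
int demo_weak(void)
{
    memset(table, 0, sizeof table);
    int a = weak_alloc(1);
    weak_lookup(a)[0] = 'A';
    weak_free(a);
    int b = weak_alloc(2);                      /* reuses the slot a pointed at */
    weak_lookup(b)[0] = 'B';
    return a == b && weak_lookup(a)[0] == 'B';  /* 1: stale handle reaches another owner's memory */
}

/* Same scenario through the hardened API. Returns 1 if the slot was reused but
 * the stale handle is rejected, 0 otherwise. */
int demo_safe(void)
{
    memset(table, 0, sizeof table);
    tagged_handle a = safe_alloc(1);
    safe_lookup(a, 1)[0] = 'A';
    safe_free(a, 1);
    tagged_handle b = safe_alloc(2);
    safe_lookup(b, 2)[0] = 'B';
    return (a >> 16) == (b >> 16) && safe_lookup(a, 1) == NULL;
}

int main(void)
{
    printf("weak API, stale handle reads new owner's data: %d\n", demo_weak());
    printf("safe API, stale handle rejected:               %d\n", demo_safe());
    return 0;
}
```

The point of the hardened variant is that freeing alone is not enough: the driver must also make every outstanding reference unusable, which generation tags (or equivalently reference counting that keeps the object alive until the last user drops it) achieve without trusting the caller.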
The operational impact goes beyond simple memory corruption: the dangling references give a local attacker an escalation path to arbitrary code execution with kernel privileges. The affected architectures, Bifrost, Valhall and the 5th Gen GPUs, are widely deployed in mobile devices, embedded systems and automotive platforms. Exploitation requires crafting GPU memory operations that produce the specific timing and memory state in which freed memory is referenced. The flaw's persistence across multiple driver releases suggests that the underlying memory management defect has not been adequately addressed in the kernel driver implementation, leaving various hardware platforms and software versions exposed.
In ATT&CK terms this vulnerability maps to T1068 (Exploitation for Privilege Escalation). The attack requires local access and abuses legitimate GPU memory processing to create a memory corruption condition; as a local privilege escalation issue it needs no network access or remote exploitation capability, since it is executed from within the target system. Organizations should prioritize patching affected systems, because successful exploitation can lead to complete system compromise and data exfiltration. The breadth of deployment of the affected GPU architectures across device types makes this vulnerability a particular concern for enterprise and mobile security teams, who must make sure their systems are protected against this memory corruption attack vector.
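Prioritizing patches starts with knowing which fleet members run an affected driver. The following is an added example, not from the page's author, that checks a Mali kernel driver version string of the form `rNNpM` against the affected ranges exactly as the MITRE summary above lists them. The family labels (`Bifrost`, `Valhall`, `5thGen`) and the function names are this example's own; the version ranges are the page's. The page does not state fixed releases, so a version outside the ranges is reported only as "not listed as affected", not as confirmed fixed.

```c
/* Added example (not from the page's author): classify a Mali kernel driver
 * version string against the affected ranges from the MITRE summary.
 * is_affected() returns 1 = in an affected range, 0 = not listed as affected,
 * -1 = unknown family or unparsable version string. */
#include <stdio.h>
#include <string.h>

struct ver   { int r, p; };
struct range { const char *family; struct ver lo, hi; };

/* Ranges as given on the page; family labels are this example's own. */
static const struct range affected[] = {
    { "Bifrost", {44, 0}, {49, 3} }, { "Bifrost", {50, 0}, {51, 0} },
    { "Valhall", {44, 0}, {49, 3} }, { "Valhall", {50, 0}, {54, 0} },
    { "5thGen",  {44, 0}, {49, 3} }, { "5thGen",  {50, 0}, {54, 0} },
};

/* Parse "rNNpM"; reject anything else (missing "p" part, trailing junk, negatives). */
int parse_ver(const char *s, struct ver *v)
{
    int r, p;
    char trailing;
    if (!s || sscanf(s, "r%dp%d%c", &r, &p, &trailing) != 2) return 0;
    if (r < 0 || p < 0) return 0;
    v->r = r;
    v->p = p;
    return 1;
}

static int ver_cmp(struct ver a, struct ver b)
{
    return a.r != b.r ? a.r - b.r : a.p - b.p;
}

int is_affected(const char *family, const char *version)
{
    struct ver v;
    int known_family = 0;
    if (!family || !parse_ver(version, &v)) return -1;
    for (size_t i = 0; i < sizeof affected / sizeof affected[0]; i++) {
        if (strcmp(affected[i].family, family) != 0) continue;
        known_family = 1;
        if (ver_cmp(v, affected[i].lo) >= 0 && ver_cmp(v, affected[i].hi) <= 0) return 1;
    }
    return known_family ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inventory: (family, reported driver version). */
    const char *inv[][2] = {
        { "Bifrost", "r49p3" }, { "Bifrost", "r49p4" }, { "Bifrost", "r52p0" },
        { "Valhall", "r52p0" }, { "5thGen",  "r54p0" }, { "Valhall", "r43p9" },
        { "Bifrost", "r44" },   { "Mali-T",  "r44p0" },
    };
    for (size_t i = 0; i < sizeof inv / sizeof inv[0]; i++) {
        int res = is_affected(inv[i][0], inv[i][1]);
        printf("%-8s %-6s -> %s\n", inv[i][0], inv[i][1],
               res == 1 ? "AFFECTED" : res == 0 ? "not listed as affected" : "invalid input");
    }
    return 0;
}
```

Note that the listed ranges leave gaps (for example Bifrost r49p4 through r49p9 and r51p1 onward are not enumerated); the check reports those as not listed rather than guessing, so any version outside a listed range should still be confirmed against the vendor's own advisory before being treated as safe.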