Medium

Use-After-Free in Arm Valhall and 5th Gen GPU Architecture Kernel Driver

IdentifiersCVE-2025-8045CWE-416· Use After Free

CVE-2025-8045 is a use-after-free vulnerability in Arm Ltd's Valhall GPU Kernel Driver and Arm 5th Gen GPU Architecture Kernel Driver. According to the provided description, a local non-privileged user process can perform improper GPU processing operations that result in access to memory that has already been freed. The issue affects Valhall GPU Kernel Driver versions r53p0 through r54p1 and Arm 5th Gen GPU Architecture Kernel Driver versions r53p0 through r54p1. As a kernel-driver memory-safety flaw reachable from a local unprivileged process, the vulnerability can expose stale kernel-adjacent memory contents and may enable further memory corruption depending on allocator state and driver execution context.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a local unprivileged process to access already freed memory through the vulnerable Arm GPU kernel driver. This can lead to unauthorized access to sensitive data resident in reused memory and may also create conditions for memory corruption within the kernel driver context. In practical terms, the impact can include information disclosure and potentially local privilege escalation or broader compromise of device integrity, depending on how the freed object is reused and whether the attacker can shape subsequent allocations.

Mitigation

If you can’t patch tonight, do this now.

Where immediate patching is not possible, reduce exposure by limiting execution of untrusted local code and applications on affected devices, especially code able to interact heavily with GPU interfaces. Enforce application vetting, least-privilege deployment, and device management controls to reduce the chance that a local unprivileged process can reach the vulnerable driver paths. On Android fleets, prioritize deployment of the 2025-12-05 patch level or vendor-equivalent firmware containing the Arm driver fix, and restrict use of unsupported or delayed-update devices until remediation is confirmed.

Remediation

Patch, then assume compromise.

Update the affected Arm GPU kernel driver to a version newer than r54p1 that includes the vendor's fix. For Android deployments, apply the relevant OEM or platform security update that incorporates the December 2025 Android Security Bulletin fixes, and ensure vendor GPU driver updates are included rather than relying solely on framework patch level reporting. Validate that devices are no longer running Valhall GPU Kernel Driver or Arm 5th Gen GPU Architecture Kernel Driver versions from r53p0 through r54p1.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Arm5th Gen Gpu Architecture Kernel Driverapplication

ArmValhall Gpu Kernel Driverapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app

socradar blogNews

Dec 2, 2025

December 2025 Android Security Bulletin: Two Zero-Day Flaws Exploited

High-severity vulnerability affecting Arm Mali GPU components (GPU driver class issues such as memory corruption/information disclosure/local privilege escalation are mentioned generally).

cyberthroneNews

Dec 2, 2025

Android Patch Update December 2025

High-severity ARM Mali GPU driver vulnerability fixed via vendor updates; could undermine graphics isolation and be chained with other issues.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity4

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2025-8045

NVD

nvd.nist.gov/vuln/detail/CVE-2025-8045

MITRE CWE · CWE-416

Use After Free

Vendor Advisory

developer.arm.com/documentation/110697/latest