CVE-2025-3212
published 2025-09-08CVE-2025-3212: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows…
PriorityP431medium5.3CVSS 3.1
AVNACLPRNUINSUCNINAL
EPSS
0.30%
22.0th percentile
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p4, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | 5th_gen_gpu_architecture_kernel_driver | r41p0 – r49p4 | — |
| arm | 5th_gen_gpu_architecture_kernel_driver | >= r50p0 < r54p1 | r54p1 |
| arm | bifrost_gpu_kernel_driver | r41p0 – r49p4 | — |
| arm | bifrost_gpu_kernel_driver | >= r50p0 < r54p1 | r54p1 |
| arm | valhall_gpu_kernel_driver | r41p0 – r49p4 | — |
| arm | valhall_gpu_kernel_driver | >= r50p0 < r54p1 | r54p1 |
| arm_ltd | arm_5th_gen_gpu_architecture_kernel_driver | r41p0 – r49p4 | — |
| arm_ltd | arm_5th_gen_gpu_architecture_kernel_driver | r50p0 – r54p0 | — |
| arm_ltd | bifrost_gpu_kernel_driver | r41p0 – r49p4 | — |
| arm_ltd | bifrost_gpu_kernel_driver | r50p0 – r51p0 | — |
| arm_ltd | valhall_gpu_kernel_driver | r41p0 – r49p4 | — |
| arm_ltd | valhall_gpu_kernel_driver | r50p0 – r54p0 | — |
| android | — | — | |
| msrc | cbl2_kernel_5.15.118.1-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_kernel_5.10.185.1-1_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
vendor_msrc4.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q5gx-qj4h-ghfh: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driv
ghsa_unreviewed·2025-09-08
CVE-2025-3212 [MEDIUM] CWE-416 GHSA-q5gx-qj4h-ghfh: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driv
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p4, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.
Android
CVE-2025-3212: Mali
vendor_android·2025-09-01·CVSS 5.3
CVE-2025-3212 [MEDIUM] CVE-2025-3212: Mali
Android Security Bulletin 2025-09-01
CVE: CVE-2025-3212
Severity: HIGH
Component: Mali
References: A-421179224
*
Microsoft
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure a
vendor_msrc·2023-06-13·CVSS 4.4
CVE-2023-3212 [MEDIUM] CWE-476 A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure a
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-08
Published