A Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. Five years running.A Leader in the Gartner® Magic Quadrant™Read the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI Security Portfolio
      Leading the Way in AI-Powered Security Solutions
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly ingest data from on-prem, cloud or hybrid environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Identity Security
    • Singularity Identity
      Identity Threat Detection and Response
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-class Expertise and Threat Intelligence.
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      Digital Forensics, IRR & Breach Readiness
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive solutions for seamless security operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • Partner Locator
      Your go-to source for our top partners in your region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2025-8045

CVE-2025-8045: Arm 5th Gen GPU Driver Use After Free Flaw

CVE-2025-8045 is a use after free vulnerability in Arm 5th Gen GPU Architecture Kernel Driver that allows local attackers to access freed memory. This article covers the technical details, affected versions, and mitigation.

Updated: January 22, 2026

CVE-2025-8045 Overview

CVE-2025-8045 is a Use After Free vulnerability affecting Arm Ltd Valhall GPU Kernel Driver and Arm 5th Gen GPU Architecture Kernel Driver. This memory corruption flaw allows a local non-privileged user process to perform improper GPU processing operations, gaining access to already freed memory regions. The vulnerability has been classified as Medium severity with a CVSS score of 4.0.

Critical Impact

Local attackers can exploit improper GPU memory management to access freed memory, potentially leading to information disclosure on affected Arm GPU systems.

Affected Products

  • Arm Valhall GPU Kernel Driver versions r53p0 through r54p1
  • Arm 5th Gen GPU Architecture Kernel Driver versions r53p0 through r54p1

Discovery Timeline

  • 2025-12-01 - CVE-2025-8045 published to NVD
  • 2025-12-02 - Last updated in NVD database

Technical Details for CVE-2025-8045

Vulnerability Analysis

This vulnerability is classified as CWE-416 (Use After Free), a critical class of memory corruption vulnerabilities. The flaw exists in Arm's GPU kernel drivers where memory that has been freed can subsequently be accessed through improper GPU processing operations.

The CVSS v3.1 vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N indicates:

  • Attack Vector: Local access required
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None

The EPSS (Exploit Prediction Scoring System) data shows a probability of 0.016% with a percentile of 2.563, indicating a relatively low likelihood of exploitation in the wild.

Root Cause

The root cause of CVE-2025-8045 lies in improper memory lifecycle management within the Arm GPU kernel drivers. When GPU processing operations are performed, the driver fails to properly validate that memory references point to valid, allocated memory regions. This allows a local process to craft GPU operations that reference memory after it has been freed, creating a classic Use After Free condition.

In GPU kernel drivers, memory management is particularly complex due to the shared nature of GPU and CPU memory spaces. The vulnerability occurs when the driver does not adequately track the state of memory allocations during GPU processing operations, allowing stale pointers to be dereferenced.

Attack Vector

The attack vector for CVE-2025-8045 requires local access to the system. An attacker with local, non-privileged access can exploit this vulnerability by:

  1. Allocating GPU memory through the kernel driver interface
  2. Triggering the deallocation of that memory
  3. Initiating GPU processing operations that reference the freed memory region
  4. Reading the contents of the freed memory, potentially exposing sensitive data

The vulnerability mechanism centers on the GPU driver's failure to properly invalidate memory references when buffers are freed. When an attacker triggers GPU operations after memory deallocation, the driver may still attempt to access the freed memory region, potentially exposing data from subsequent allocations or residual data from previous operations.

Detection Methods for CVE-2025-8045

Indicators of Compromise

  • Unusual GPU driver activity from non-privileged processes
  • Abnormal memory allocation patterns in GPU-related kernel modules
  • Unexpected memory access patterns in Valhall or 5th Gen GPU kernel driver operations

Detection Strategies

Organizations should implement the following detection strategies to identify potential exploitation attempts:

  1. Kernel Auditing: Enable kernel auditing for GPU driver interactions, monitoring for unusual patterns of memory allocation and deallocation sequences
  2. Driver Version Monitoring: Implement automated scanning to identify systems running vulnerable driver versions (r53p0 through r54p1)
  3. Behavioral Analysis: Monitor for processes attempting repeated GPU memory operations with suspicious timing patterns that could indicate exploitation attempts
  4. SentinelOne Singularity: Deploy SentinelOne's kernel-level protection capabilities to detect anomalous memory access patterns and potential Use After Free exploitation attempts

Monitoring Recommendations

Security teams should prioritize monitoring systems with Arm GPUs, particularly mobile devices and embedded systems that commonly use Valhall or 5th Gen GPU architecture. Implement logging for GPU driver interactions and establish baselines for normal GPU memory operation patterns. Any deviation from established patterns should trigger alerts for further investigation.

How to Mitigate CVE-2025-8045

Immediate Actions Required

  • Update Arm GPU kernel drivers to versions newer than r54p1
  • Audit systems for vulnerable driver versions using asset management tools
  • Implement application whitelisting to restrict which processes can interact with GPU drivers
  • Enable enhanced logging for GPU driver operations on critical systems

Patch Information

Arm has released updated driver versions to address this vulnerability. Organizations should consult the official Arm security advisory at https://developer.arm.com/documentation/110697/latest/ for detailed patch information and updated driver downloads.

The patched versions include proper memory lifecycle validation during GPU processing operations, ensuring that freed memory regions cannot be accessed through subsequent GPU operations.

Workarounds

If immediate patching is not possible, organizations should consider the following temporary mitigations:

  1. Restrict Local Access: Limit local access to systems with vulnerable GPU drivers to trusted users only
  2. Application Control: Implement strict application control policies to prevent unauthorized applications from interacting with GPU drivers
  3. System Hardening: Apply additional kernel hardening measures such as enabling KASLR and other memory protection mechanisms
  4. Monitoring Enhancement: Increase monitoring and alerting sensitivity for GPU-related system calls and driver interactions

For systems running SentinelOne Singularity platform, ensure that kernel protection policies are enabled and configured to detect memory corruption exploitation attempts. Contact SentinelOne support for specific detection rules related to GPU driver vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeUse After Free
  • Vendor/TechArm
  • SeverityMEDIUM
  • CVSS Score4.0
  • EPSS Probability0.02%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone
  • CWE References
  • CWE-416
  • Vendor Resources
  • Vendor Advisory
  • Related CVEs
  • CVE-2025-6349
  • CVE-2025-2879
  • CVE-2025-0819
  • CVE-2025-0072
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • English
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use