CVE-2025-0050
published 2025-04-07CVE-2025-0050: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace…
PriorityP426medium5.9CVSS 3.1
AVLACLPRNUINSUCLILAL
EPSS
0.15%
4.3th percentile
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to make valid GPU processing operations, including via WebGL or WebGPU, to access a limited amount outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r0p0 through r49p2, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r19p0 through r49p2, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p2, from r50p0 through r53p0.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | 5th_gen_gpu_architecture_userspace_driver | >= r41p0 < r49p3 | r49p3 |
| arm | 5th_gen_gpu_architecture_userspace_driver | >= r50p0 < r54p0 | r54p0 |
| arm | bifrost_gpu_userspace_driver | >= r0p0 < r49p3 | r49p3 |
| arm | bifrost_gpu_userspace_driver | r50p0 – r51p0 | — |
| arm | valhall_gpu_userspace_driver | >= r19p0 < r49p3 | r49p3 |
| arm | valhall_gpu_userspace_driver | >= r50p0 < r54p0 | r54p0 |
| arm_ltd | arm_5th_gen_gpu_architecture_userspace_driver | r41p0 – r49p2 | — |
| arm_ltd | arm_5th_gen_gpu_architecture_userspace_driver | r50p0 – r53p0 | — |
| arm_ltd | bifrost_gpu_userspace_driver | r0p0 – r49p2 | — |
| arm_ltd | bifrost_gpu_userspace_driver | r50p0 – r51p0 | — |
| arm_ltd | valhall_gpu_userspace_driver | r19p0 – r49p2 | — |
| arm_ltd | valhall_gpu_userspace_driver | r50p0 – r53p0 | — |
| android | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2025-0050: Mali
vendor_android·2025-04-01·CVSS 5.9
CVE-2025-0050 [MEDIUM] CVE-2025-0050: Mali
Android Security Bulletin 2025-04-01
CVE: CVE-2025-0050
Severity: HIGH
Component: Mali
References: A-384996147
*
GHSA
GHSA-633m-895c-3f9g: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Use
ghsa_unreviewed·2025-04-07
CVE-2025-0050 [MEDIUM] CWE-119 GHSA-633m-895c-3f9g: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Use
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to make valid GPU processing operations, including via WebGL or WebGPU, to access a limited amount outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r0p0 through r49p2, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r19p0 through r49p2, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p2, from r50p0 through r53p0.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-07
Published