CVE-2025-0050Improper Restriction of Operations within the Bounds of a Memory Buffer in ARM 5TH GEN GPU Architecture Userspace Driver

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.1%
top 73.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
ARM 5TH GEN GPU Architecture Userspace DriverARM Bifrost GPU Userspace DriverARM Valhall GPU Userspace Driver+4 more
Timeline
PublishedApr 7

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to make valid GPU processing operations, including via WebGL or WebGPU, to access a limited amount outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r0p0 through r49p2, from r50p0 through r51p0; Valhall GPU Userspac

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.5 | Impact: 3.4

Affected Packages7 packages

NVDarm/bifrost_gpu_userspace_driverr0p0r49p3+1
NVDarm/valhall_gpu_userspace_driverr19p0r49p3+1
CVEListV5arm_ltd/bifrost_gpu_userspace_driverr0p0r49p2+1
CVEListV5arm_ltd/valhall_gpu_userspace_driverr19p0r49p2+1

🔴Vulnerability Details

1
GHSA
GHSA-633m-895c-3f9g: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Use2025-04-07

📋Vendor Advisories

1
Android
CVE-2025-0050: Mali2025-04-01