CVE-2025-1246Improper Restriction of Operations within the Bounds of a Memory Buffer in ARM 5TH GEN GPU Architecture Userspace Driver

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 74.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
ARM 5TH GEN GPU Architecture Userspace DriverARM Bifrost GPU Userspace DriverARM Valhall GPU Userspace Driver+4 more
Timeline
PublishedJun 2
Latest updateSep 1

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r18p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: fro

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDarm/bifrost_gpu_userspace_driverr48p0r49p4+2
NVDarm/valhall_gpu_userspace_driverr28p0r49p4+1
CVEListV5arm_ltd/bifrost_gpu_userspace_driverr18p0r49p3+1
CVEListV5arm_ltd/valhall_gpu_userspace_driverr28p0r49p3+1

🔴Vulnerability Details

1
GHSA
GHSA-qqx6-6jxm-2crq: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Use2025-06-02

📋Vendor Advisories

1
Android
CVE-2025-1246: Mali2025-09-01