cbcvebase.
CVE-2025-1246
published 2025-06-02

CVE-2025-1246: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace…

PriorityP342high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.14%
3.4th percentile
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r18p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r28p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p3, from r50p0 through r54p0.

Affected

14 ranges
VendorProductVersion rangeFixed in
arm5th_gen_gpu_architecture_userspace_driver>= r41p0 < r49p4r49p4
arm5th_gen_gpu_architecture_userspace_driver>= r50p0 < r54p1r54p1
armbifrost_gpu_userspace_driver
armbifrost_gpu_userspace_driver
armbifrost_gpu_userspace_driver>= r48p0 < r49p4r49p4
armvalhall_gpu_userspace_driver>= r28p0 < r49p4r49p4
armvalhall_gpu_userspace_driver>= r50p0 < r54p1r54p1
arm_ltdarm_5th_gen_gpu_architecture_userspace_driverr41p0 – r49p3
arm_ltdarm_5th_gen_gpu_architecture_userspace_driverr50p0 – r54p0
arm_ltdbifrost_gpu_userspace_driverr18p0 – r49p3
arm_ltdbifrost_gpu_userspace_driverr50p0 – r51p0
arm_ltdvalhall_gpu_userspace_driverr28p0 – r49p3
arm_ltdvalhall_gpu_userspace_driverr50p0 – r54p0
googleandroid
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.