CVE-2025-1246
published 2025-06-02CVE-2025-1246: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace…
PriorityP342high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.14%
3.4th percentile
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r18p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r28p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p3, from r50p0 through r54p0.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | 5th_gen_gpu_architecture_userspace_driver | >= r41p0 < r49p4 | r49p4 |
| arm | 5th_gen_gpu_architecture_userspace_driver | >= r50p0 < r54p1 | r54p1 |
| arm | bifrost_gpu_userspace_driver | — | — |
| arm | bifrost_gpu_userspace_driver | — | — |
| arm | bifrost_gpu_userspace_driver | >= r48p0 < r49p4 | r49p4 |
| arm | valhall_gpu_userspace_driver | >= r28p0 < r49p4 | r49p4 |
| arm | valhall_gpu_userspace_driver | >= r50p0 < r54p1 | r54p1 |
| arm_ltd | arm_5th_gen_gpu_architecture_userspace_driver | r41p0 – r49p3 | — |
| arm_ltd | arm_5th_gen_gpu_architecture_userspace_driver | r50p0 – r54p0 | — |
| arm_ltd | bifrost_gpu_userspace_driver | r18p0 – r49p3 | — |
| arm_ltd | bifrost_gpu_userspace_driver | r50p0 – r51p0 | — |
| arm_ltd | valhall_gpu_userspace_driver | r28p0 – r49p3 | — |
| arm_ltd | valhall_gpu_userspace_driver | r50p0 – r54p0 | — |
| android | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2025-1246: Mali
vendor_android·2025-09-01·CVSS 7.8
CVE-2025-1246 [HIGH] CVE-2025-1246: Mali
Android Security Bulletin 2025-09-01
CVE: CVE-2025-1246
Severity: HIGH
Component: Mali
References: A-402121892
*
GHSA
GHSA-qqx6-6jxm-2crq: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Use
ghsa_unreviewed·2025-06-02
CVE-2025-1246 [HIGH] CWE-119 GHSA-qqx6-6jxm-2crq: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Use
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r18p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r28p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p3, from r50p0 through r54p0.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-02
Published