CVE-2025-2879 — Sensitive Information Exposure in ARM 5TH GEN GPU Architecture Kernel Driver

CWE-200 — Sensitive Information Exposure CWE-770 — Allocation of Resources Without Limits or Throttling CWE-662 — Improper Synchronization4 documents4 sources

Severity

5.1MEDIUMNVD

EPSS

0.0%

top 94.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ARM 5TH GEN GPU Architecture Kernel Driver ARM Valhall GPU Kernel Driver ARM LTD ARM 5TH GEN GPU Architecture Kernel Driver +24 more

Timeline

PublishedDec 1

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.5 | Impact: 2.5

Affected Packages27 packages

▶NVDarm/valhall_gpu_kernel_driverr29p0 — r49p5+1

▶NVDarm/5th_gen_gpu_architecture_kernel_driverr41p0 — r49p5+1

▶CVEListV5arm_ltd/valhall_gpu_kernel_driverr29p0 — r49p4+1

▶CVEListV5arm_ltd/arm_5th_gen_gpu_architecture_kernel_driverr41p0 — r49p4+1

▶msrcmsrc/azl3_containerized-data-importer_1.57.0-3_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

GHSA-6hx6-8jw7-pgww: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Ke↗2025-12-01

▶

📋Vendor Advisories

Red Hat

kernel: usbnet: Fix using smp_processor_id() in preemptible code warnings↗2025-11-12

▶

Microsoft

Unbounded memory consumption when reading headers in archive/tar↗2022-10-11

▶