cbcvebase.
CVE-2025-2879
published 2025-12-01

CVE-2025-2879: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel…

PriorityP422medium5.1CVSS 3.1
AVLACLPRNUINSUCLILAN
EPSS
0.11%
1.7th percentile
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.

Affected

31 ranges· showing 25
VendorProductVersion rangeFixed in
arm5th_gen_gpu_architecture_kernel_driver>= r41p0 < r49p5r49p5
arm5th_gen_gpu_architecture_kernel_driver>= r50p0 < r54p1r54p1
armvalhall_gpu_kernel_driver>= r29p0 < r49p5r49p5
armvalhall_gpu_kernel_driver>= r50p0 < r54p1r54p1
arm_ltdarm_5th_gen_gpu_architecture_kernel_driverr41p0 – r49p4
arm_ltdarm_5th_gen_gpu_architecture_kernel_driverr50p0 – r54p0
arm_ltdvalhall_gpu_kernel_driverr29p0 – r49p4
arm_ltdvalhall_gpu_kernel_driverr50p0 – r54p0
msrcazl3_containerized-data-importer_1.57.0-14_on_azure_linux_3.0
msrcazl3_containerized-data-importer_1.57.0-3_on_azure_linux_3.0
msrcazl3_gcc_13.2.0-7_on_azure_linux_3.0
msrcazl3_gh_2.62.0-8_on_azure_linux_3.0
msrcazl3_golang_1.24.3-1_on_azure_linux_3.0
msrcazl3_ig_0.25.0-2_on_azure_linux_3.0
msrcazl3_ig_0.29.0-1_on_azure_linux_3.0
msrcazl3_libcontainers-common_20240213-2_on_azure_linux_3.0
msrcazl3_libcontainers-common_20240213-3_on_azure_linux_3.0
msrcazl3_moby-engine_25.0.3-13_on_azure_linux_3.0
msrcazl3_moby-engine_25.0.3-3_on_azure_linux_3.0
msrcazl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0
msrcazl3_skopeo_1.14.4-1_on_azure_linux_3.0
msrcazl3_skopeo_1.14.4-5_on_azure_linux_3.0
msrcazl3_tensorflow_2.16.1-9_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64

CVSS provenance

nvdv3.15.1MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
vendor_msrc7.5HIGH
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.