CVE-2025-2879
published 2025-12-01CVE-2025-2879: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel…
PriorityP422medium5.1CVSS 3.1
AVLACLPRNUINSUCLILAN
EPSS
0.11%
1.7th percentile
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | 5th_gen_gpu_architecture_kernel_driver | >= r41p0 < r49p5 | r49p5 |
| arm | 5th_gen_gpu_architecture_kernel_driver | >= r50p0 < r54p1 | r54p1 |
| arm | valhall_gpu_kernel_driver | >= r29p0 < r49p5 | r49p5 |
| arm | valhall_gpu_kernel_driver | >= r50p0 < r54p1 | r54p1 |
| arm_ltd | arm_5th_gen_gpu_architecture_kernel_driver | r41p0 – r49p4 | — |
| arm_ltd | arm_5th_gen_gpu_architecture_kernel_driver | r50p0 – r54p0 | — |
| arm_ltd | valhall_gpu_kernel_driver | r29p0 – r49p4 | — |
| arm_ltd | valhall_gpu_kernel_driver | r50p0 – r54p0 | — |
| msrc | azl3_containerized-data-importer_1.57.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_containerized-data-importer_1.57.0-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_gcc_13.2.0-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_gh_2.62.0-8_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.24.3-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_ig_0.25.0-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_ig_0.29.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_libcontainers-common_20240213-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_libcontainers-common_20240213-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_moby-engine_25.0.3-13_on_azure_linux_3.0 | — | — |
| msrc | azl3_moby-engine_25.0.3-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_skopeo_1.14.4-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_skopeo_1.14.4-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
CVSS provenance
nvdv3.15.1MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
vendor_msrc7.5HIGH
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6hx6-8jw7-pgww: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Ke
ghsa_unreviewed·2025-12-01
CVE-2025-2879 [MEDIUM] CWE-200 GHSA-6hx6-8jw7-pgww: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Ke
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.
Red Hat
kernel: usbnet: Fix using smp_processor_id() in preemptible code warnings
vendor_redhat·2025-11-12·CVSS 5.5
CVE-2025-40164 [MEDIUM] CWE-662 kernel: usbnet: Fix using smp_processor_id() in preemptible code warnings
kernel: usbnet: Fix using smp_processor_id() in preemptible code warnings
In the Linux kernel, the following vulnerability has been resolved:
usbnet: Fix using smp_processor_id() in preemptible code warnings
Syzbot reported the following warning:
BUG: using smp_processor_id() in preemptible [00000000] code: dhcpcd/2879
caller is usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331
CPU: 1 UID: 0 PID: 2879 Comm: dhcpcd Not tainted 6.15.0-rc4-syzkaller-00098-g615dca38c2ea #0 PREEMPT(voluntary)
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
check_preemption_disabled+0xd0/0xe0 lib/smp_processor_id.c:49
usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331
usbnet_resume_rx+0x4b/0x170 drivers/net/usb/usbnet.c:708
usbnet_change_mtu+
Microsoft
Unbounded memory consumption when reading headers in archive/tar
vendor_msrc·2022-10-11·CVSS 7.5
CVE-2022-2879 [HIGH] CWE-770 Unbounded memory consumption when reading headers in archive/tar
Unbounded memory consumption when reading headers in archive/tar
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Go: Go
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://le
No detection rules found.
No public exploits indexed.
2025-12-01
Published