Improper Restriction of Operations in Arm GPU Userspace Drivers
CVE-2025-0050

5.9MEDIUM

Key Information:

Vendor

Arm
Status
Valhall Gpu Userspace Driver
Arm 5th Gen Gpu Architecture Userspace Driver
Bifrost Gpu Userspace Driver
Vendor
CVE Published:
7 April 2025

What is CVE-2025-0050?

A vulnerability in Arm Ltd's GPU Userspace Drivers, including Bifrost, Valhall, and the Arm 5th Gen architecture, allows non-privileged user processes to perform valid GPU operations that extend beyond allocated memory buffer bounds. This situation potentially exposes sensitive areas of memory, raising security concerns, particularly when utilizing WebGL and WebGPU technologies, which facilitate 3D rendering in web applications. Affected versions span various releases, making prompt attention necessary to mitigate risks associated with this flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Arm 5th Gen GPU Architecture Userspace Driver r41p0

Arm 5th Gen GPU Architecture Userspace Driver r50p0

Bifrost GPU Userspace Driver r0p0

References

https://developer.arm.com/documentation/110435/latest/

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.