Improper Restriction of Operations in Arm GPU Userspace Drivers
CVE-2025-0050

5.9MEDIUM

Key Information:

Vendor: Arm Ltd
Status: Valhall Gpu Userspace Driver; Arm 5th Gen Gpu Architecture Userspace Driver; Bifrost Gpu Userspace Driver
Vendor: CVE Published:; 7 April 2025

What is CVE-2025-0050?

A vulnerability in Arm Ltd's GPU Userspace Drivers, including Bifrost, Valhall, and the Arm 5th Gen architecture, allows non-privileged user processes to perform valid GPU operations that extend beyond allocated memory buffer bounds. This situation potentially exposes sensitive areas of memory, raising security concerns, particularly when utilizing WebGL and WebGPU technologies, which facilitate 3D rendering in web applications. Affected versions span various releases, making prompt attention necessary to mitigate risks associated with this flaw.

Affected Version(s)

Arm 5th Gen GPU Architecture Userspace Driver r41p0

Arm 5th Gen GPU Architecture Userspace Driver r50p0

Bifrost GPU Userspace Driver r0p0

References

https://developer.arm.com/documentation/110435/latest/

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2025
Vulnerability Reserved
Dec 4, 2024