Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r18p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r28p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p3, from r50p0 through r54p0.
AnalysisAI
Buffer over-read vulnerability in Arm GPU userspace drivers (Bifrost, Valhall, and 5th Gen architectures) that allows unprivileged local users to access memory outside allocated buffer bounds through valid GPU operations including WebGL and WebGPU. The vulnerability affects multiple driver versions across three GPU architectures and has a CVSS score of 7.8 with high impact on confidentiality, integrity, and availability; exploitation status and POC availability are not documented in the provided data.
Technical ContextAI
This vulnerability exists in the userspace GPU drivers for Arm's GPU architectures, which handle GPU memory management and buffer allocation for graphics workloads. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating inadequate bounds checking when the driver processes GPU operations. The affected drivers are: (1) Bifrost GPU Userspace Driver versions r18p0-r49p3 and r50p0-r51p0; (2) Valhall GPU Userspace Driver versions r28p0-r49p3 and r50p0-r54p0; (3) Arm 5th Gen GPU Architecture Userspace Driver versions r41p0-r49p3 and r50p0-r54p0. The vulnerability can be triggered through standard GPU interfaces including WebGL (via browser graphics rendering) and WebGPU (next-gen GPU API), meaning exploitation does not require direct GPU driver access but can occur through web-based GPU processing, significantly expanding the attack surface.
RemediationAI
Users should update to patched driver versions beyond the affected ranges: for Bifrost GPU Userspace Driver, upgrade to r51p1 or later (beyond r51p0); for Valhall GPU Userspace Driver, upgrade to r54p1 or later (beyond r54p0); for Arm 5th Gen GPU Architecture Userspace Driver, upgrade to r54p1 or later (beyond r54p0). OEMs and device manufacturers should consult Arm's official security advisories for their specific GPU driver lineage and apply patches through firmware updates. Interim mitigations pending patch deployment include: disabling WebGPU if not required (browser configuration), restricting WebGL in untrusted contexts via Content Security Policy, running untrusted applications in isolated sandboxes, and monitoring for suspicious GPU memory access patterns. System administrators should prioritize patching systems that run multi-user workloads or expose GPU functionality to untrusted code.
More in Bifrost Gpu Userspace Driver
View allImproper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace D
Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm
Same weakness CWE-119 – Buffer Overflow
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16637