EUVD-2025-16637
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r18p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r28p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p3, from r50p0 through r54p0.
Analysis
Buffer over-read vulnerability in Arm GPU userspace drivers (Bifrost, Valhall, and 5th Gen architectures) that allows unprivileged local users to access memory outside allocated buffer bounds through valid GPU operations including WebGL and WebGPU. The vulnerability affects multiple driver versions across three GPU architectures and has a CVSS score of 7.8 with high impact on confidentiality, integrity, and availability; exploitation status and POC availability are not documented in the provided data.
Technical Context
This vulnerability exists in the userspace GPU drivers for Arm's GPU architectures, which handle GPU memory management and buffer allocation for graphics workloads. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating inadequate bounds checking when the driver processes GPU operations. The affected drivers are: (1) Bifrost GPU Userspace Driver versions r18p0-r49p3 and r50p0-r51p0; (2) Valhall GPU Userspace Driver versions r28p0-r49p3 and r50p0-r54p0; (3) Arm 5th Gen GPU Architecture Userspace Driver versions r41p0-r49p3 and r50p0-r54p0. The vulnerability can be triggered through standard GPU interfaces including WebGL (via browser graphics rendering) and WebGPU (next-gen GPU API), meaning exploitation does not require direct GPU driver access but can occur through web-based GPU processing, significantly expanding the attack surface.
Affected Products
Arm Bifrost GPU Userspace Driver: versions r18p0 through r49p3, and r50p0 through r51p0; Arm Valhall GPU Userspace Driver: versions r28p0 through r49p3, and r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: versions r41p0 through r49p3, and r50p0 through r54p0. These drivers are used in mobile SoCs (Qualcomm Snapdragon with Adreno GPU integration may share components), ARM-based servers, and edge devices. Systems running these driver versions that support WebGL or WebGPU are at risk, including Android devices, ChromeOS devices, Linux systems with Mali GPUs, and iOS devices. The broad version range (r18p0 through r54p0 depending on architecture) suggests many deployed systems are affected.
Remediation
Users should update to patched driver versions beyond the affected ranges: for Bifrost GPU Userspace Driver, upgrade to r51p1 or later (beyond r51p0); for Valhall GPU Userspace Driver, upgrade to r54p1 or later (beyond r54p0); for Arm 5th Gen GPU Architecture Userspace Driver, upgrade to r54p1 or later (beyond r54p0). OEMs and device manufacturers should consult Arm's official security advisories for their specific GPU driver lineage and apply patches through firmware updates. Interim mitigations pending patch deployment include: disabling WebGPU if not required (browser configuration), restricting WebGL in untrusted contexts via Content Security Policy, running untrusted applications in isolated sandboxes, and monitoring for suspicious GPU memory access patterns. System administrators should prioritize patching systems that run multi-user workloads or expose GPU functionality to untrusted code.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today