CVE-2025-0050: Mali GPU Userspace Driver allows an Out-of-Bounds access
First published: Mon Apr 07 2025(Updated: )
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to make valid GPU processing operations, including via WebGL or WebGPU, to access a limited amount outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r0p0 through r49p2, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r19p0 through r49p2, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p2, from r50p0 through r53p0.
Credit: arm-security@arm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Ltd Bifrost GPU Userspace Driver | >=r0p0<=r49p2>=r50p0<=r51p0 | |
| Arm Ltd Valhall GPU Userspace Driver | >=r19p0<=r49p2>=r50p0<=r53p0 | |
| Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver | >=r41p0<=r49p2>=r50p0<=r53p0 |
Remedy
This issue has been fixed in the following versions: * Bifrost GPU Userspace Driver r49p3 * Valhall GPU Userspace Driver r49p3 and r54p0 * Arm 5th Gen GPU Architecture Userspace Driver r49p3 and r54p0 Arm recommends that affected users upgrade to the latest applicable version to protect against this issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0050?
CVE-2025-0050 is classified as a high-severity vulnerability due to potential unauthorized access to GPU processing capabilities.
How do I fix CVE-2025-0050?
To mitigate CVE-2025-0050, users should update to the latest versions of the affected Arm GPU Userspace Drivers.
What systems are affected by CVE-2025-0050?
CVE-2025-0050 affects Arm Ltd Bifrost, Valhall, and Arm 5th Gen GPU Userspace Drivers versions within specified ranges.
Who is impacted by CVE-2025-0050?
Non-privileged user processes on systems using the vulnerable Arm GPU Drivers are impacted by CVE-2025-0050.
What happens if CVE-2025-0050 is exploited?
If exploited, CVE-2025-0050 could allow unauthorized users to manipulate GPU processing and potentially execute arbitrary code.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/remedy
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/source
- agent/author
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/event
- vendor/arm ltd
- canonical/arm ltd bifrost gpu userspace driver
- canonical/arm ltd valhall gpu userspace driver
- canonical/arm ltd arm 5th gen gpu architecture userspace driver