CVE-2025-1246: Mali GPU Userspace Driver allows an Out-of-Bounds access

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r18p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r28p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p3, from r50p0 through r54p0.

Classification

CVE ID: CVE-2025-1246

Problem Types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected Products

Vendor: Arm Ltd

Product: Bifrost GPU Userspace Driver, Valhall GPU Userspace Driver, Arm 5th Gen GPU Architecture Userspace Driver

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.36% (scored less or equal to compared to others)

EPSS Date: 2025-06-07 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1246
https://developer.arm.com/documentation/110466/latest/

Timeline

2025-06-02 12:40:22 UTC
CVE

Mali GPU Userspace Driver allows an Out-of-Bounds access