CVE-2025-1246
HIGHDescription
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r18p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r28p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p3, from r50p0 through r54p0.
Is your site exposed to CVE-2025-1246?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| arm | 5th_gen_gpu_architecture_userspace_driver |
| arm | 5th_gen_gpu_architecture_userspace_driver |
| arm | bifrost_gpu_userspace_driver |
| arm | bifrost_gpu_userspace_driver |
| arm | bifrost_gpu_userspace_driver |
| arm | valhall_gpu_userspace_driver |
| arm | valhall_gpu_userspace_driver |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-1246? +
How severe is CVE-2025-1246? +
What products are affected by CVE-2025-1246? +
How do I check if I'm vulnerable to CVE-2025-1246? +
Related Vulnerabilities
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to …
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading …
Buffer overflow vulnerability in Immunity Debugger affecting version 1.85, its exploitation could allow a local attacker to execute arbitrary code, …
z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when …
A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality …
A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a …