Arm Ltd GPU Drivers, Memory Buffer Bounds Vulnerability, CVE-2025-1246 (Critical)

By /

Listen to this Post

How the CVE Works

CVE-2025-1246 is an improper memory buffer restriction flaw in Arm Ltd’s Bifrost, Valhall, and 5th Gen GPU userspace drivers. A non-privileged user process can exploit GPU operations (e.g., WebGL/WebGPU) to access memory outside allocated buffer bounds. This occurs due to insufficient bounds checks in driver versions:
– Bifrost: r18p0–r49p3, r50p0–r51p0
– Valhall: r28p0–r49p3, r50p0–r54p0
– 5th Gen GPU: r41p0–r49p3, r50p0–r54p0.
The flaw enables arbitrary memory read/write, potentially leading to code execution or data corruption.

DailyCVE Form

Platform: Arm GPU Drivers
Version: r18p0–r54p0
Vulnerability: Memory buffer overflow
Severity: Critical
Date: 07/02/2025

Prediction: Patch by Q3 2025

What Undercode Say

$ vuln-check --gpu --driver=arm
$ exploit --gpu --cve=CVE-2025-1246 --webgl

How Exploit

  • Craft malicious WebGL/WebGPU shaders to trigger OOB access.
  • Chain with kernel exploits for privilege escalation.

Protection from this CVE

  • Update to patched driver versions (post-r54p0).
  • Disable WebGL/WebGPU if unused.

Impact

  • Arbitrary code execution.
  • GPU memory corruption.
  • System compromise via privilege escalation.

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

πŸ”JOIN OUR CYBER WORLD [ CVE News β€’ HackMonitor β€’ UndercodeNews ]

πŸ’¬ Whatsapp | πŸ’¬ Telegram

πŸ“’ Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | πŸ”— Linkedin Featured Image

Scroll to Top