CVE-2025-1246
📋 TL;DR
A memory buffer overflow vulnerability in Arm GPU drivers allows non-privileged user processes to access memory outside allocated bounds via GPU operations like WebGL or WebGPU. This affects multiple Arm GPU driver families across specific version ranges. Attackers could potentially read or write unauthorized memory.
💻 Affected Systems
- Arm Bifrost GPU Userspace Driver
- Arm Valhall GPU Userspace Driver
- Arm 5th Gen GPU Architecture Userspace Driver
📦 What is this software?
5th Gen GPU Architecture Userspace Driver by Arm
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via arbitrary code execution, privilege escalation, or sensitive data exfiltration from GPU-accessible memory regions.
Likely Case
Application crashes, information disclosure from GPU memory buffers, or limited privilege escalation within the GPU context.
If Mitigated
Denial of service through application crashes if memory access is properly sandboxed and system-level protections are in place.
🎯 Exploit Status
Requires local user access or web-based exploitation through browser GPU APIs. Memory corruption vulnerabilities typically require some exploit development.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after affected ranges: Bifrost > r51p0, Valhall > r54p0, 5th Gen > r54p0
Vendor Advisory: https://developer.arm.com/documentation/110466/latest/
Restart Required: Yes
Instructions:
1. Check current GPU driver version.
2. Update to patched driver version from Arm or device manufacturer.
3. Reboot system to load new driver.
4. Verify GPU applications function correctly.
🔧 Temporary Workarounds
Disable WebGL/WebGPU in browsers
All platforms: Prevents web-based exploitation vectors by disabling GPU acceleration in browsers
chrome://flags/#disable-webgl
about:config -> webgl.disabled = true
Restrict GPU access
Linux: Use system permissions to limit which users/applications can access GPU devices
chmod 600 /dev/mali0
setfacl -m u:user:rw /dev/mali*
🧯 If You Can't Patch
- Isolate affected systems from untrusted users and networks
- Implement application whitelisting to prevent unauthorized GPU applications
🔍 How to Verify
Check if Vulnerable:
Check GPU driver version: cat /sys/class/misc/mali0/device/driver_version or check Android build properties
Check Version:
cat /sys/class/misc/mali0/device/driver_version 2>/dev/null || dmesg | grep -i mali
Verify Fix Applied:
Confirm driver version is outside affected ranges and test GPU functionality
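The version check above can be scripted. The following is an added example, not code from Arm or from this page: it pulls an rNNpM release token out of whatever text the version command returns and compares it numerically against the last affected release listed under "Patch Version". The family keywords (bifrost, valhall, 5thgen) and the sample inputs are assumptions of this example, and because the page does not give the lower bound of each affected range, an "at-or-below-ceiling" result means "check the vendor advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example. Ceilings are the last affected releases from this page's
# "Patch Version" line; the family keywords are this example's own labels.
ceiling_for() {
    case "$1" in
        bifrost) echo r51p0 ;;
        valhall) echo r54p0 ;;
        5thgen)  echo r54p0 ;;
        *)       return 1 ;;
    esac
}

# Pull the first rNNpM token out of free text (sysfs value, dmesg line).
extract_release() {
    printf '%s\n' "$1" | grep -Eo 'r[0-9]+p[0-9]+' | head -n 1
}

# Compare two rNNpM releases numerically; prints -1, 0 or 1.
compare_release() {
    a_r=${1#r}; a_p=${a_r#*p}; a_r=${a_r%%p*}
    b_r=${2#r}; b_p=${b_r#*p}; b_r=${b_r%%p*}
    if [ "$a_r" -ne "$b_r" ]; then
        if [ "$a_r" -lt "$b_r" ]; then echo "-1"; else echo 1; fi
    elif [ "$a_p" -ne "$b_p" ]; then
        if [ "$a_p" -lt "$b_p" ]; then echo "-1"; else echo 1; fi
    else
        echo 0
    fi
}

# Prints above-ceiling, at-or-below-ceiling, or unknown.
classify_driver() {
    ceiling=$(ceiling_for "$1") || { echo unknown; return 0; }
    release=$(extract_release "$2")
    [ -n "$release" ] || { echo unknown; return 0; }
    if [ "$(compare_release "$release" "$ceiling")" -gt 0 ]; then
        echo above-ceiling
    else
        echo at-or-below-ceiling
    fi
}

# Constructed sample inputs (not captured from a real device).
classify_driver bifrost "r51p0"
classify_driver valhall "constructed log line: driver r54p1 loaded"
classify_driver 5thgen "r9p0"
```

The numeric comparison matters: a plain string compare would rank r9p0 above r54p0 and report an old driver as patched.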
📡 Detection & Monitoring
Log Indicators:
- GPU driver crashes in system logs
- Application segmentation faults with GPU context
- Unusual GPU memory allocation patterns
Network Indicators:
- WebGL/WebGPU exploitation attempts unlikely to generate network traffic
SIEM Query:
source="kernel" "mali" AND ("segfault" OR "panic" OR "oops")