CVE-2025-2879

01.12.2025, 11:15

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.1 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Arm	CNA	---				---
CISA-ADP	ADP	5.1 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
arm	5th_gen_gpu_architecture_kernel_driver	r41p0 ≤ 𝑥 < r49p5
arm	5th_gen_gpu_architecture_kernel_driver	r50p0 ≤ 𝑥 < r54p1
arm	valhall_gpu_kernel_driver	r29p0 ≤ 𝑥 < r49p5
arm	valhall_gpu_kernel_driver	r50p0 ≤ 𝑥 < r54p1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://developer.arm.com/documentation/110697/latest/