CVE-2025-2879

EUVD-2025-199983

01.12.2025, 11:15

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.1 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA-ADP	ADP	5.1 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Affected Products (NVD)

Vendor	Product	Version
arm	5th_gen_gpu_architecture_kernel_driver	r41p0 ≤ 𝑥 < r49p5
arm	5th_gen_gpu_architecture_kernel_driver	r50p0 ≤ 𝑥 < r54p1
arm	valhall_gpu_kernel_driver	r29p0 ≤ 𝑥 < r49p5
arm	valhall_gpu_kernel_driver	r50p0 ≤ 𝑥 < r54p1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Vulnerability Media Exposure

[GERMAN] Google Android: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um sich erweiterte Berechtigungen zu verschaffen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen oder andere nicht näher spezifizierte Angriffe durchzuführen.
Published: 2026-03-02T23:00:00+00:00

References

https://developer.arm.com/documentation/110697/latest/