CVE-2025-0932

EUVD-2025-23496

04.08.2025, 10:15

Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to gain access to already freed memory.This issue affects Bifrost GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADP	ADP	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Affected Products (NVD)

Vendor	Product	Version
arm	5th_gen_gpu_architecture_userspace_driver	r48p0 ≤ 𝑥 < r49p4
arm	5th_gen_gpu_architecture_userspace_driver	r50p0 ≤ 𝑥 < r54p1
arm	bifrost_gpu_userspace_driver	r48p0 ≤ 𝑥 < r49p4
arm	bifrost_gpu_userspace_driver	r50p0 ≤ 𝑥 < r54p1
arm	valhall_gpu_userspace_driver	r48p0 ≤ 𝑥 < r49p4
arm	valhall_gpu_userspace_driver	r50p0 ≤ 𝑥 < r54p1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://developer.arm.com/documentation/110626/latest/