CVE-2025-0932

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

U

se After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to gain access to already freed memory.This issue affects Bifrost GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0.

References

Link	Resource
https://developer.arm.com/documentation/110626/latest/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:arm:5th_gen_gpu_architecture_userspace_driver::::::::
	cpe:2.3:a:arm:5th_gen_gpu_architecture_userspace_driver::::::::
	cpe:2.3:a:arm:bifrost_gpu_userspace_driver::::::::
	cpe:2.3:a:arm:bifrost_gpu_userspace_driver::::::::
	cpe:2.3:a:arm:valhall_gpu_userspace_driver::::::::
	cpe:2.3:a:arm:valhall_gpu_userspace_driver::::::::

History

18 Dec 2025, 15:28

Type	Values Removed	Values Added
References	~~() https://developer.arm.com/documentation/110626/latest/ -~~	() https://developer.arm.com/documentation/110626/latest/ - Vendor Advisory
First Time		Arm 5th Gen Gpu Architecture Userspace Driver Arm valhall Gpu Userspace Driver Arm bifrost Gpu Userspace Driver Arm
CPE		cpe:2.3:a:arm:valhall_gpu_userspace_driver:::::::: cpe:2.3:a:arm:5th_gen_gpu_architecture_userspace_driver:::::::: cpe:2.3:a:arm:bifrost_gpu_userspace_driver::::::::

05 Aug 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-04 10:15

Updated : 2025-12-18 15:28

NVD link : CVE-2025-0932

Mitre link : CVE-2025-0932

CVE.ORG link : CVE-2025-0932

JSON object : View

Products Affected

CWE

CWE-416

Use After Free

{"id": "CVE-2025-0932", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-08-04T10:15:27.547", "references": [{"url": "https://developer.arm.com/documentation/110626/latest/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to gain access to already freed memory.This issue affects Bifrost GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0."}, {"lang": "es", "value": "Vulnerabilidad de Use After Free en Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver permite que un proceso de usuario sin privilegios realice operaciones de procesamiento de GPU v\u00e1lidas, incluso mediante WebGL o WebGPU, para obtener acceso a memoria ya liberada. Este problema afecta a los controladores de espacio de usuario de GPU Bifrost: de r48p0 a r49p3 y de r50p0 a r51p0; a los controladores de espacio de usuario de GPU Valhall: de r48p0 a r49p3 y de r50p0 a r54p0; y a los controladores de espacio de usuario de arquitectura de GPU de Arm 5.\u00aa generaci\u00f3n: de r48p0 a r49p3 y de r50p0 a r54p0."}], "lastModified": "2025-12-18T15:28:47.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arm:5th_gen_gpu_architecture_userspace_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2D76255-45D3-483E-928F-13B0A03E8C28", "versionEndExcluding": "r49p4", "versionStartIncluding": "r48p0"}, {"criteria": "cpe:2.3:a:arm:5th_gen_gpu_architecture_userspace_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04ADA3A4-C98B-4BDA-8838-F742CAAE7F3C", "versionEndExcluding": "r54p1", "versionStartIncluding": "r50p0"}, {"criteria": "cpe:2.3:a:arm:bifrost_gpu_userspace_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30D58642-28C3-4BAA-B90B-0FCDE8768578", "versionEndExcluding": "r49p4", "versionStartIncluding": "r48p0"}, {"criteria": "cpe:2.3:a:arm:bifrost_gpu_userspace_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DCC851E-D28E-4BF1-B341-146D60DEC4B3", "versionEndExcluding": "r54p1", "versionStartIncluding": "r50p0"}, {"criteria": "cpe:2.3:a:arm:valhall_gpu_userspace_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E54F886B-84DE-47ED-90D7-3A910BE2D592", "versionEndExcluding": "r49p4", "versionStartIncluding": "r48p0"}, {"criteria": "cpe:2.3:a:arm:valhall_gpu_userspace_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18A9000D-8DAA-4B5E-930A-B3E1225C63D2", "versionEndExcluding": "r54p1", "versionStartIncluding": "r50p0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}