CVE-2025-0932: Fixes potential UAF in the ARM shader compiler reachable through WebGPU

Published Aug 4, 2025
·
Updated

Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to gain access to already freed memory.This issue affects Bifrost GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0.

Affected Software

10 affected components
Arm Ltd Bifrost GPU Userspace Driver>=r48p0<=r49p3, >=r50p0<r51p0
Arm Ltd Valhall GPU Userspace Driver>=r48p0<=r49p3, >=r50p0<r54p0
Arm Ltd 5th Gen GPU Architecture Userspace Driver>=r48p0<=r49p3, >=r50p0<r54p0
Google Android
Arm 5th Gen GPU Architecture Userspace Driver>=r48p0<r49p4
Arm 5th Gen GPU Architecture Userspace Driver>=r50p0<r54p1
Arm Bifrost GPU Userspace Driver>=r48p0<r49p4
Arm Bifrost GPU Userspace Driver>=r50p0<r54p1
Arm Valhall GPU Userspace Driver>=r48p0<r49p4
Arm Valhall GPU Userspace Driver>=r50p0<r54p1

Remediation

Information

This issue has been fixed in the following versions: Bifrost GPU Userspace Driver r49p4, r54p1; Valhall GPU Userspace Driver r49p4, r54p1; Arm 5th Gen GPU Architecture Userspace Driver r49p4, r54p1. Arm recommends that affected users upgrade to the latest applicable version to protect against this issue.

Event History

Aug 4, 2025
CVE Published
via Android·12:00 AM
Data Sourced
via Android·12:00 AM
SeverityAffected Software
CVE Published
via MITRE·10:00 AM
Data Sourced
via MITRE·10:00 AM
RemedyDescriptionWeakness
Data Sourced
via NVD·10:15 AM
DescriptionSeverityWeaknessAffected Software
Feb 26, 2026
Data Sourced
12:00 AM
SeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-0932?

CVE-2025-0932 is classified as a high severity vulnerability due to its potential to allow non-privileged user processes to exploit memory management flaws.

2

How do I fix CVE-2025-0932?

To mitigate CVE-2025-0932, upgrade affected drivers to the latest versions specified by Arm Ltd that patch the use-after-free vulnerability.

3

Which products are affected by CVE-2025-0932?

CVE-2025-0932 affects Arm Ltd's Bifrost GPU Userspace Driver, Valhall GPU Userspace Driver, and 5th Gen GPU Architecture Userspace Driver in specific version ranges.

4

What is a use-after-free vulnerability like CVE-2025-0932?

A use-after-free vulnerability, such as CVE-2025-0932, occurs when a program continues to use a pointer after the memory it points to has been freed, potentially leading to arbitrary code execution.

5

Can CVE-2025-0932 be exploited remotely?

CVE-2025-0932 could be exploited remotely when attackers leverage valid GPU processing operations, particularly through WebGL or WebGPU.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203