CVE-2025-0932 – A Use After Free vulnerability in Arm GPU drive... (How to Fix)

Q: What is the severity of CVE-2025-0932?

CVE-2025-0932 has a CVSS score of 4.3 (MEDIUM). A Use After Free vulnerability in Arm GPU drivers allows non-privileged user processes to access freed memory through GPU operations like WebGL or WebGPU. This affects Bifrost, Valhall, and Arm 5th Gen GPU Architecture userspace drivers across multiple versions. Users with affected GPU drivers are vulnerable when processing untrusted GPU content.

📋 TL;DR

A Use After Free vulnerability in Arm GPU drivers allows non-privileged user processes to access freed memory through GPU operations like WebGL or WebGPU. This affects Bifrost, Valhall, and Arm 5th Gen GPU Architecture userspace drivers across multiple versions. Users with affected GPU drivers are vulnerable when processing untrusted GPU content.

💻 Affected Systems

Products:

Arm Ltd Bifrost GPU Userspace Driver
Arm Ltd Valhall GPU Userspace Driver
Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver

Versions: Bifrost: r48p0 through r49p3, r50p0 through r51p0; Valhall: r48p0 through r49p3, r50p0 through r54p0; Arm 5th Gen: r48p0 through r49p3, r50p0 through r54p0

Operating Systems: Android, Linux, ChromeOS, Other Arm-based systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with Arm Mali GPUs. Vulnerability is triggered through WebGL or WebGPU APIs in browsers.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Potential information disclosure, memory corruption, or privilege escalation leading to system compromise.

🟠

Likely Case

Information disclosure of freed memory contents, potentially exposing sensitive data or causing application crashes.

🟢

If Mitigated

Limited impact with proper sandboxing and GPU process isolation in browsers.

🌐 Internet-Facing: MEDIUM - WebGL/WebGPU content from untrusted sources could trigger exploitation.

🏢 Internal Only: LOW - Requires local user access or malicious GPU content execution.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires user to execute malicious GPU content. Browser sandboxing may limit impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Bifrost: r51p1+, Valhall: r54p1+, Arm 5th Gen: r54p1+

Vendor Advisory: https://developer.arm.com/documentation/110626/latest/

Restart Required: No

Instructions:

1. Check current GPU driver version. 2. Update to patched versions: Bifrost r51p1+, Valhall r54p1+, Arm 5th Gen r54p1+. 3. Update browser/OS GPU drivers. 4. Verify patch application.

🔧 Temporary Workarounds

Disable WebGL/WebGPU

all

Disable GPU acceleration in browsers to prevent exploitation vectors.

Browser-specific: chrome://flags/#disable-webgl
Browser-specific: about:config -> webgl.disabled = true

🧯 If You Can't Patch

Restrict browser GPU acceleration and WebGL/WebGPU usage
Implement application sandboxing and process isolation for GPU workloads

🔍 How to Verify

Check if Vulnerable:

Check GPU driver version via: cat /sys/class/misc/mali0/device/driver_version or vendor-specific GPU info commands

Check Version:

cat /sys/class/misc/mali0/device/driver_version 2>/dev/null || echo 'Check device documentation'

Verify Fix Applied:

Verify GPU driver version is updated to patched versions: Bifrost r51p1+, Valhall r54p1+, Arm 5th Gen r54p1+

📡 Detection & Monitoring

Log Indicators:

GPU driver crash logs
Browser WebGL/WebGPU error logs
Memory access violation logs

Network Indicators:

Unusual WebGL/WebGPU resource loading patterns

SIEM Query:

GPU driver crashes OR WebGL errors OR memory access violations

📊 Metadata

CVE ID: CVE-2025-0932

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-416

EPSS Score: 0.04% exploit probability (11.5th percentile)

Published: August 4, 2025

Last Updated: December 18, 2025

🔗 References

https://developer.arm.com/documentation/110626/latest/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-0932, you might also want to check these: