SB2026070231 - Improper locking in Linux kernel arm64 kernel
Published: July 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper locking (CVE-ID: CVE-2025-10263)
CWE-ID: CWE-667 - Improper Locking
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper memory synchronization in broadcast TLB invalidation completion handling in the arm64 CPU errata logic when performing broadcast TLB invalidation on affected Arm CPUs. A local user can trigger memory access patterns that rely on invalidated TLB entries to cause a denial of service.
The issue affects only completion of memory accesses translated by an invalidated TLB entry and does not prevent the actual invalidation of TLB entries.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1268c64e2bcb6e968152990e87bd10c440fcc9c0
- https://git.kernel.org/stable/c/1b47b1e1d8675fdf5f6e11e7fa19c704d8c6f5cd
- https://git.kernel.org/stable/c/4e7c80742e6dada9f8b9ad63f3a49c03af07ecb8
- https://git.kernel.org/stable/c/7c3ad9365079e716b57d2363d3081ee7680cc18e
- https://git.kernel.org/stable/c/8364384ae82fbffdf8968abaac3455ed854da18d
- https://git.kernel.org/stable/c/925058203229403008d77a52b1e63e2ae5f4a3cf
- https://git.kernel.org/stable/c/cfd391e74134db664feb499d43af286380b10ba8
- https://git.kernel.org/stable/c/d4fd4282204044fdedd1e42abbe70a9206f74ec0
- https://git.kernel.org/stable/c/e717a4d08779f1a28d6e0275e75040b12c33c753