SB2026070738 - Race condition in Linux kernel arm64 kernel
Published: July 7, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Race condition (CVE-ID: CVE-2025-10263)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper synchronization in broadcast TLB invalidation completion handling in the arm64 TLB invalidation logic when performing memory accesses translated by an invalidated TLB entry after a TLBI;DSB sequence. A local user can trigger affected memory access patterns to cause a denial of service.
The issue affects only the completion of memory accesses translated by an invalidated TLB entry and does not prevent the actual invalidation of TLB entries.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1268c64e2bcb6e968152990e87bd10c440fcc9c0
- https://git.kernel.org/stable/c/1b47b1e1d8675fdf5f6e11e7fa19c704d8c6f5cd
- https://git.kernel.org/stable/c/4e7c80742e6dada9f8b9ad63f3a49c03af07ecb8
- https://git.kernel.org/stable/c/7c3ad9365079e716b57d2363d3081ee7680cc18e
- https://git.kernel.org/stable/c/8364384ae82fbffdf8968abaac3455ed854da18d
- https://git.kernel.org/stable/c/925058203229403008d77a52b1e63e2ae5f4a3cf
- https://git.kernel.org/stable/c/cfd391e74134db664feb499d43af286380b10ba8
- https://git.kernel.org/stable/c/d4fd4282204044fdedd1e42abbe70a9206f74ec0
- https://git.kernel.org/stable/c/e717a4d08779f1a28d6e0275e75040b12c33c753