SB2026071103 - Improper locking in Linux kernel arm64 kernel



SB2026071103 - Improper locking in Linux kernel arm64 kernel

Published: July 11, 2026

Security Bulletin ID SB2026071103
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper locking (CVE-ID: CVE-2025-10263)

CWE-ID: CWE-667 - Improper Locking

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper hardware synchronization in arm64 TLB invalidation handling when processing broadcast TLB invalidation sequences on affected Arm CPUs. A local user can trigger memory accesses that rely on an invalidated TLB entry to cause a denial of service.

The issue affects only the completion of memory accesses translated by an invalidated TLB entry and does not affect the actual invalidation of TLB entries.


Remediation

Install update from vendor's website.