Race condition in Linux kernel - CVE-2025-10263
Published: July 2, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper synchronization in broadcast TLBI completion handling in the arm64 CPU errata logic when performing broadcast TLB invalidation on affected Arm CPUs. A local user can trigger memory management activity to cause a denial of service.
The issue affects completion of memory accesses translated by an invalidated TLB entry, while TLB invalidation itself still occurs correctly.
How to mitigate CVE-2025-10263
Sources
- https://git.kernel.org/stable/c/1268c64e2bcb6e968152990e87bd10c440fcc9c0
- https://git.kernel.org/stable/c/1b47b1e1d8675fdf5f6e11e7fa19c704d8c6f5cd
- https://git.kernel.org/stable/c/4e7c80742e6dada9f8b9ad63f3a49c03af07ecb8
- https://git.kernel.org/stable/c/7c3ad9365079e716b57d2363d3081ee7680cc18e
- https://git.kernel.org/stable/c/8364384ae82fbffdf8968abaac3455ed854da18d
- https://git.kernel.org/stable/c/925058203229403008d77a52b1e63e2ae5f4a3cf
- https://git.kernel.org/stable/c/cfd391e74134db664feb499d43af286380b10ba8
- https://git.kernel.org/stable/c/d4fd4282204044fdedd1e42abbe70a9206f74ec0
- https://git.kernel.org/stable/c/e717a4d08779f1a28d6e0275e75040b12c33c753