Improper locking in Linux kernel - CVE-2025-10263
Published: July 11, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper hardware synchronization in arm64 TLB invalidation handling when processing broadcast TLB invalidation sequences on affected Arm CPUs. A local user can trigger memory accesses that rely on an invalidated TLB entry to cause a denial of service.
The issue affects only the completion of memory accesses translated by an invalidated TLB entry and does not affect the actual invalidation of TLB entries.
How to mitigate CVE-2025-10263
Sources
- https://git.kernel.org/stable/c/1268c64e2bcb6e968152990e87bd10c440fcc9c0
- https://git.kernel.org/stable/c/1b47b1e1d8675fdf5f6e11e7fa19c704d8c6f5cd
- https://git.kernel.org/stable/c/4e7c80742e6dada9f8b9ad63f3a49c03af07ecb8
- https://git.kernel.org/stable/c/7c3ad9365079e716b57d2363d3081ee7680cc18e
- https://git.kernel.org/stable/c/8364384ae82fbffdf8968abaac3455ed854da18d
- https://git.kernel.org/stable/c/925058203229403008d77a52b1e63e2ae5f4a3cf
- https://git.kernel.org/stable/c/cfd391e74134db664feb499d43af286380b10ba8
- https://git.kernel.org/stable/c/d4fd4282204044fdedd1e42abbe70a9206f74ec0
- https://git.kernel.org/stable/c/e717a4d08779f1a28d6e0275e75040b12c33c753