9.17. Advisory TFV-17 (CVE-2025-10263)

Title

TLBI+DSB might complete too early

CVE ID

CVE-2025-10263

Date

Reported on 13 August 2025

Versions Affected

All, up to and including v2.15

Configurations Affected

All platforms containing any of the following cores: (note that if even a single affected core is present that all cores must implement the workaround, which the TFA patch does)

  • Cortex-A76

  • Cortex-A76AE

  • Cortex-A77

  • Cortex-X1

  • Cortex-X1C

  • Cortex-A78

  • Cortex-A78C

  • Cortex-A78AE

  • Cortex-A710

  • Cortex-X2

  • Cortex-X3

  • Cortex-X4

  • Cortex-X925

  • Neoverse-N1

  • Neoverse-N2

  • Neoverse-V1

  • Neoverse-V2

  • Neoverse-V3

  • Neoverse-V3AE

  • C1-Ultra

  • C1-Premium

Impact

Exploitation may allow an attacker to corrupt page table entries or other memory-management data structures during translation invalidation operations.

Fix Version

Commit 08fab0f083db (merged on 16 June 2026)

Gerrit topic #gr/CVE-2025-10263

Credit

Arm

9.17.1. Description

A race condition exists in affected Arm CPUs whereby a memory store performed by one Processing Element (PE) may remain incomplete after another PE has invalidated the corresponding translation and completed the architecturally required TLBI and DSB sequence. Under specific microarchitectural conditions, the assumption that all memory accesses made using the invalidated translation table entry have completed might not hold true.

This behavior can result in memory corruption affecting translation tables and other protected memory structures. Successful exploitation may lead to denial of service or privilege escalation within the affected translation regime.

Practical exploitation has been demonstrated to the extent of page table corruption. Feasible privilege escalation is considered possible, although full exploitation has not yet been publicly demonstrated.

9.17.2. Conditions

  1. PE A executes a store that crosses a page boundary.

  2. PE B executes a TLB invalidate instruction which affects at least one of pages targeted by PE A’s store, followed by a DSB.

  3. Complex micro-architectural conditions occur.

  4. PE B’s DSB may complete before the global observation of a portion of PE A’s store which was affected by the TLB invalidation. The relevant TLB entries are invalidated correctly before the completion of the DSB.

9.17.3. Workaround

This can be avoided by executing the TLBI and DSB instructions a 2nd time. For code sequences that have multiple TLB invalidate instuctions followed by a single DSB, only the last TLB invalidate and DSB need to be repeated.

9.17.4. Impact on TF-A

TF-a uses an affected instruction sequence only in the Xlat library, so the workaround is inserted at the end of that function. Unlike most CVEs, this workaround is disabled by default due to it being needed when a platform contains any single CPU that is affected. So it must be explicitly enabled using the flag WORKAROUND_CVE_2025_10263 by the platform when an affected CPU is present.

For further information, affected CPUs, and detailed guidance, refer to the full Official Arm Advisory.