Arm disclosed CVE-2025-10263, a critical flaw in many Arm CPU cores that can let memory accesses complete incorrectly during permission changes, creating a path for writes to resources owned by a higher exception level. The issue stems from a timing condition in TLB invalidation handling where completion of a TLBI is not guaranteed to mean all affected memory accesses have completed, leaving stale translations usable across privilege boundaries. Affected processors include multiple Arm Neoverse and Cortex cores as well as NVIDIA Olympus, and the flaw has implications for Stage 1, Stage 2, and GPT protections used for memory isolation and virtualization.
Vendors and projects released coordinated advisories and patches after disclosure. Linux posted kernel fixes implementing Arm's software workaround, which adds an extra TLBI and DSB in certain invalidation paths, while NVIDIA issued a related mitigation for Olympus-based Vera CPUs. Xen published XSA-493 v2, warning that on multi-core Arm systems a malicious guest could potentially keep writing after Stage 2 permissions were changed, enabling hypervisor-level privilege escalation; patches were released for xen-unstable and supported stable branches from Xen 4.17 through 4.21. FreeBSD also issued an arm64 security advisory covering the hardware issue.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
NVIDIA confirmed that its Olympus cores used in the Vera CPU are affected by CVE-2025-10263. It also issued a related mitigation patch in response.
Arm reported that it submitted mitigation patches to Trusted Firmware-A for CVE-2025-10263, alongside its documented software workaround for affected processors. This adds firmware-level mitigation work beyond the Linux kernel patches already noted.
Linux kernel patches were posted to implement Arm's recommended mitigation for CVE-2025-10263. The patches address the TLBI completion issue that can permit writes across privilege boundaries under specific timing conditions.
Arm disclosed CVE-2025-10263 as a critical vulnerability affecting a broad range of Arm CPU cores. Arm said the issue stems from a timing condition during memory permission changes and published a workaround requiring an additional TLBI and DSB for certain TLB invalidations.
Xen Security Advisory XSA-493 version 2 publicly disclosed CVE-2025-10263 as a hardware-related Arm issue affecting multi-core Xen on Arm systems. Xen said the flaw could let a malicious guest write to memory after Stage 2 permissions were changed to forbid writes, enabling possible hypervisor-level privilege escalation, and provided patch sets for supported branches.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
9 references tracked. Mallory keeps watching after this page renders.
seclists.org
Open sourcefreebsd.org
Open sourcephoronix.com
Open sourcexenbits.xen.org
Open sourcedeveloper.arm.com
Open sourcelore.kernel.org
Open sourcelore.kernel.org
Open sourceopennet.me
Open sourceopennet.ru
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.