MNBSD-2026-26: arm64 CPU errata TLB invalidation ordering bypass

Severity: Unknown

Affected Package: kernel

Summary: arm64 CPU errata TLB invalidation ordering bypass

Description

Several Arm CPU families have an erratum where stores may not be globally observed before a TLBI+DSB sequence completes on another CPU, allowing software to write to a location after page-table permissions are changed to forbid writes, potentially enabling privilege escalation. Fixed by issuing a second TLBI after an intermediate DSB in pmap_invalidate_* on affected CPUs. Ports FreeBSD-SA-26:31.arm64.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2025-10263

Published: June 11, 2026
Last Modified: June 11, 2026