Severity: Unknown
Affected Package: kernel
Summary: arm64 CPU errata TLB invalidation ordering bypass
Several Arm CPU families have an erratum where stores may not be globally observed before a TLBI+DSB sequence completes on another CPU, allowing software to write to a location after page-table permissions are changed to forbid writes, potentially enabling privilege escalation. Fixed by issuing a second TLBI after an intermediate DSB in pmap_invalidate_* on affected CPUs. Ports FreeBSD-SA-26:31.arm64.
No specific recommendations provided.
Aliases: CVE-2025-10263
Published: June 11, 2026
Last Modified: June 11, 2026