
Severity by source

NVD (primary): 9.1 CRITICAL, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
SUSE: CRITICAL (qualitative)
Red Hat: 8.4 HIGH (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Analysis Generated: Jun 09, 2026 - 16:22 (vuln.today)
CVSS changed: Jun 09, 2026 - 16:22 (NVD), 9.1 (CRITICAL)
CVE Published: Jun 09, 2026 - 09:23 (nvd), UNKNOWN (no severity yet)

Description (CVE.org)

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.

Analysis (AI)

Cross-exception-level write access in multiple Arm CPU cores including Cortex-A76 through Cortex-X925, Neoverse N1/N2/V1/V2/V3/V3AE, and C1-Ultra/Premium designs allows a lower-privileged context to modify resources owned by a higher exception level due to a race condition (CWE-362). Tracked also as Xen XSA-493 and EUVD-2025-210084, the issue carries a CVSS of 9.1 reflecting high confidentiality and integrity impact, though there is no public exploit identified at time of analysis and the EPSS score of 0.02% (4th percentile) indicates very low predicted exploitation probability.

Technical Context (AI)

Arm processors enforce isolation between exception levels (EL0 user, EL1 kernel/guest, EL2 hypervisor, EL3 secure monitor) so lower levels cannot tamper with state owned by higher ones. CWE-362 (concurrent execution using shared resource with improper synchronization, i.e. a race condition) indicates a window between checking and using a CPU-managed resource where a competing thread or hardware agent can write to memory or system register state that should be reserved for a higher EL. Affected silicon spans Armv8.2-A through Armv9.2-A application cores (Cortex-A76/A77/A78/A78AE/A78C/A710, Cortex-X1/X1C/X2/X3/X4/X925, the new C1-Ultra/C1-Premium) and most current Neoverse server cores (N1, N2, V1, V2, V3, V3AE), making this a family-wide microarchitectural erratum. The Xen XSA-493 reference indicates particular relevance to hypervisor-on-Arm deployments, where guests could potentially write to hypervisor-owned state.

Remediation (AI)

No vendor-released patch in the form of a single firmware artifact was identified at time of analysis. Arm's advisory at developer.arm.com/documentation/112137 should be consulted per core to obtain the relevant errata workaround sequence, and SoC vendors (Qualcomm, MediaTek, NVIDIA, Ampere, AWS Graviton OEMs, etc.) will need to ship updated firmware or microcode/erratum software workarounds incorporating that guidance. Hypervisor operators should track and apply the Xen XSA-493 fix (http://xenbits.xen.org/xsa/advisory-493.html) and equivalent updates for KVM/Hyper-V on Arm as they become available. Until per-platform updates ship, compensating controls include:

- restricting the ability to execute untrusted code at EL0/EL1 on affected hosts (avoid running untrusted guest VMs or untrusted containers on shared Neoverse hardware);
- pinning sensitive workloads to unaffected cores where heterogeneous SoCs allow;
- monitoring vendor security bulletins for SoC-specific firmware updates.

Note that workload pinning reduces capacity, and the guest-restriction control is incompatible with multi-tenant cloud or shared-VDI models.
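For the pinning control on heterogeneous SoCs, the following added example (not code from vuln.today, Arm or Xen) sorts a Linux host's CPUs into those on a core named in the description and those not, using `/proc/cpuinfo`. The part-number table is an assumption taken from Arm's public MIDR assignments rather than from this page, the sample input is constructed, and a match only means the core model is listed: affected revisions must be taken from Arm's advisory.

```python
import os

ARM_IMPLEMENTER = 0x41
# MIDR_EL1 part numbers for cores the description lists. Assumption: values come
# from Arm's public part-number assignments, not from this page. C1-Ultra,
# C1-Premium and "A76A" are left out; take those from Arm's advisory.
LISTED_PARTS = {
    0xD0B: "Cortex-A76", 0xD0D: "Cortex-A77", 0xD41: "Cortex-A78",
    0xD42: "Cortex-A78AE", 0xD4B: "Cortex-A78C", 0xD47: "Cortex-A710",
    0xD44: "Cortex-X1", 0xD4C: "Cortex-X1C", 0xD48: "Cortex-X2",
    0xD4E: "Cortex-X3", 0xD82: "Cortex-X4", 0xD85: "Cortex-X925",
    0xD0C: "Neoverse-N1", 0xD49: "Neoverse-N2", 0xD40: "Neoverse V1",
    0xD4F: "Neoverse V2", 0xD84: "Neoverse V3", 0xD83: "Neoverse V3AE",
}
# Constructed sample: two Cortex-A55 (0xd05, not listed), one A78, one X1.
SAMPLE = "".join(
    f"processor\t: {i}\nCPU implementer\t: 0x41\nCPU part\t: {p}\n\n"
    for i, p in enumerate(["0xd05", "0xd05", "0xd41", "0xd44"]))

def parse_cpuinfo(text):
    """Return {cpu_index: [implementer, part]} from arm64 /proc/cpuinfo text."""
    cpus, cur = {}, None
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if not sep:
            continue
        key, val = key.strip(), val.strip()
        if key == "processor":
            cur = int(val)
            cpus[cur] = [None, None]
        elif cur is not None and key == "CPU implementer":
            cpus[cur][0] = int(val, 16)
        elif cur is not None and key == "CPU part":
            cpus[cur][1] = int(val, 16)
    return cpus

def classify(text):
    """Return ({cpu: core_name} for listed cores, [cpus on any other core])."""
    listed, other = {}, []
    for idx, (impl, part) in sorted(parse_cpuinfo(text).items()):
        if impl == ARM_IMPLEMENTER and part in LISTED_PARTS:
            listed[idx] = LISTED_PARTS[part]
        else:
            other.append(idx)
    return listed, other

if __name__ == "__main__":
    path = "/proc/cpuinfo"
    listed, other = classify(open(path).read() if os.path.exists(path) else SAMPLE)
    for idx, name in listed.items():
        print(f"cpu{idx}: {name} (listed; check revision against Arm's advisory)")
    print("CPUs not on a listed core:", other)
```

The second list is the candidate set for a CPU affinity mask, subject to confirming that those cores are not covered by a separate erratum.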

Vendor Status (Vendor)

SUSE

Severity: Critical
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected


CVE-2025-10263 vulnerability details – vuln.today
