CVE-2025-0647

HIGH

Arm CPUs - Info Disclosure

Title source: llm

Description

In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have been invalidated by the TLBI.

References (2)

[Vendor Advisory] https://developer.arm.com/documentation/111546

[Third Party Advisory] https://graph.volerion.com/view?ID=CVE-2025-0647

Scores

CVSS v3 7.9

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Classification

CWE

CWE-226

Status published

Affected Products (11)

arm/c1-ultra_firmware

arm/c1-premium_firmware

arm/cortex-a710_firmware

arm/cortex-x2_firmware

arm/cortex-x3_firmware

arm/cortex-x4_firmware

arm/cortex-x925_firmware

arm/neoverse-v2_firmware

arm/neoverse-v3_firmware

arm/neoverse-v3ae_firmware

arm/neoverse-n2_firmware

Timeline

Published Jan 14, 2026

Tracked Since Feb 18, 2026