CVE-2025-0647

EUVD-2026-2516
In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have been invalidated by the TLBI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.9 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CISA-ADPADP
7.9 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
armc1-ultra_firmware
-
armc1-premium_firmware
-
armcortex-a710_firmware
-
armcortex-x2_firmware
-
armcortex-x3_firmware
-
armcortex-x4_firmware
-
armcortex-x925_firmware
-
armneoverse-v2_firmware
-
armneoverse-v3_firmware
-
armneoverse-v3ae_firmware
-
armneoverse-n2_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://developer.arm.com/documentation/111546
https://graph.volerion.com/view?ID=CVE-2025-0647