Back to Security Bulletins and Briefs

ARM® CPU Vulnerability : Bypass of Stage 1 translation, Stage-2 translation, or GPT Protection

AMD ID: AMD-SB-8021

Summary

According to the ARM® security team, completion of affected memory accesses might not be guaranteed by completion of a Translation Lookaside Buffer Invalidate (TLBI).

CVE Details

Refer to Glossary for explanation of terms

CVE CVE Description CVSS Score
CVE-2025-10263
(non-AMD)		 According to the ARM® security team, a broadcast Translation Lookaside Buffer Invalidate (TLBI) on another Processing Element (PE) may be completed before affected memory accesses are globally observed. This may permit bypass of Stage 1 translation, Stage 2 translation, or Granule Protection Tables(GPT ) protection.

The ARM® security team provided the following scores:

8.8 (local access to the system requires authentication)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.3 (system permits local untrusted code execution) CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 

Affected Products and Mitigation

Versal™ Prime Series Gen 2
Versal™ AI Edge Series Gen 2 

According to the ARM® security team, the issue can be avoided by following the data synchronization barrier (DSB) in condition 3 with an additional TLBI and DSB for which all of the following conditions are met:

  • The TLBI applies to the Inner Shareable or Outer Shareable domain containing PEx.
  • The DSB is sufficient to complete the TLBI.

For example, where PEx and PEy are in the same Inner Shareable domain, a TLBI VALE1IS, XZR followed by a DSB ISH is sufficient regardless of the specific preceding TLBI instructions.

A single additional TLBI and DSB are sufficient regardless of how many TLBIs are completed by the DSB in condition 3.

ARM® has provided workaround in Trusted Firmware – A (TF-A) software, and plans to release Linux patches alongside the public disclosure on Jun 9, 2026. AMD plans to integrate TF-A patches as part of the AMD Yocto Native Board Support Package v2026.2 release. Once Linux patches are accepted by open-source community and incorporated in LTS version, the subsequent release of AMD Yocto Native Board Support Package will have Linux patches.

Please contact an AMD Field Application Engineer (FAE) if you would like to obtain ARM® provided patches for integration into TF-A.

Acknowledgement 

ARM® Product Security Incident Report Team (PSIRT)

Revisions

Revision Date Description
2026-06-09 Initial publication

DISCLAIMER

The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.

AMD, the AMD Arrow logo, Versal, and combinations thereof are trademarks of Advanced Micro Devices, Inc. Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.

© 2026 Advanced Micro Devices, Inc. All rights reserved.