VIR Vulnerability Intelligence Relay

CVE-2025-10263

critical
Published 2026-06-09 ยท Modified 2026-06-09
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
9.1

Description

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.

Predictions

Exploit likelihood
94%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker ยท View original โ†— ยท DFSG

CVE-2025-10263 NameCVE-2025-10263 DescriptionArm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc,โ€ฆ

Workaround

s in src:linux: https://lore.kernel.org/all/20260609101203.1512409-1-mark.rutland@arm.com/

CVE-2025-10263

NameCVE-2025-10263
DescriptionArm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)bullseye4.14.6-1vulnerable
bullseye (security)4.14.5+94-ge49571868d-1vulnerable
bookworm, bookworm (security)4.17.5+72-g01140da4e8-1vulnerable
trixie4.20.2+37-g61ff35323e-0+deb13u1vulnerable
trixie (security)4.20.2+7-g1badcf5035-0+deb13u1vulnerable
forky, sid4.20.2+37-g61ff35323e-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensourcebullseye(unfixed)end-of-life
xensource(unstable)(unfixed)

Notes

[bullseye] - xen <end-of-life> (out of LTS support)
https://xenbits.xen.org/xsa/advisory-493.html
Mitigations in src:linux: https://lore.kernel.org/all/20260609101203.1512409-1-mark.rutland@arm.com/

Home - Debian Security - Source (Git)

Apply commands

text fix
Notes
[bullseye] - xen <end-of-life> (out of LTS support)https://xenbits.xen.org/xsa/advisory-493.htmlMitigations in src:linux: https://lore.kernel.org/all/20260609101203.1512409-1-mark.rutland@arm.com/

OS impact
debian Debian Affected 5 releases
VersionStatusFixed in
trixie Affected โ€”
sid Affected โ€”
forky Affected โ€”
bullseye Affected โ€”
bookworm Affected โ€”
windows Windows Affected 1 release
VersionStatusFixed in
โ€” Affected โ€”

Application impact
VendorProductVersionsFixed
gcp googlegcp

References

CWEs

CWE-362

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.