Description
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.
Published: 2026-06-09
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An implementation flaw in several Arm CPU families allows code executing at a lower exception level to write directly to memory regions or resources that are protected at a higher exception level. The race‑condition type vulnerability is inferred from the description and enables an attacker to overwrite privileged registers, configuration data, or secure memory, potentially injecting malicious code or altering system state. The result is a full privilege escalation that jeopardises the confidentiality, integrity, and availability of the entire system.

Affected Systems

Vendors and processors impacted include Arm C1‑Ultra and C1‑Premium embedded cores, all Arm Neoverse V1, V2, V3, and V3AE server and data‑center variants, Neoverse‑N1 and Neoverse‑N2, and the Cortex‑X family from X1 and X1C up through X925, and the Cortex‑A family variants A710, A78, A78AE, A78C, A77, A76, and A76AE.

Risk and Exploitability

The flaw relies on a race condition between privilege levels, inferred from the description; exploitation requires the attacker to be able to run code at a lower exception level and time writes precisely to the protected resource. The EPSS score is less than 1% and the vulnerability is not listed in CISA’s KEV catalog, indicating a modest exploitation probability. The CVSS score of 9.1 confirms the high severity and that a successful compromise would grant complete control over the device, making this vulnerability a high risk from a security standpoint when vulnerable code is present.

Generated by OpenCVE AI on June 9, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy any firmware, microcode, or platform update issued by Arm that addresses the exception‑level write protection flaw.
  • Implement strict access controls in the operating system or hypervisor to ensure that only processes with the appropriate privilege level can perform privileged writes, or disable unprivileged write access to sensitive memory regions.
  • Enable and enforce hardware security features such as the Memory Management Unit isolation and privilege‑level checks, and verify that the exception‑level enforcement is active in all software layers.

Generated by OpenCVE AI on June 9, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
References

Tue, 09 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Unauthorized Writes to Higher Exception Level Resources in ARM Processors

Tue, 09 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
References

Tue, 09 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Unauthorized Writes to Higher Exception Level Resources in ARM Processors
First Time appeared Arm
Arm c1-premium
Arm c1-ultra
Arm cortex-a710
Arm cortex-a76
Arm cortex-a76ae
Arm cortex-a77
Arm cortex-a78
Arm cortex-a78ae
Arm cortex-a78c
Arm cortex-x1
Arm cortex-x1c
Arm cortex-x2
Arm cortex-x3
Arm cortex-x4
Arm cortex-x925
Arm neoverse-n2
Arm neoverse-v1
Arm neoverse-v3
Arm neoverse-v3ae
Arm neoverse N1
Vendors & Products Arm
Arm c1-premium
Arm c1-ultra
Arm cortex-a710
Arm cortex-a76
Arm cortex-a76ae
Arm cortex-a77
Arm cortex-a78
Arm cortex-a78ae
Arm cortex-a78c
Arm cortex-x1
Arm cortex-x1c
Arm cortex-x2
Arm cortex-x3
Arm cortex-x4
Arm cortex-x925
Arm neoverse-n2
Arm neoverse-v1
Arm neoverse-v3
Arm neoverse-v3ae
Arm neoverse N1

Tue, 09 Jun 2026 10:15:00 +0000

Type Values Removed Values Added
Description Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.
Weaknesses CWE-362
References

Subscriptions

Arm C1-premium C1-ultra Cortex-a710 Cortex-a76 Cortex-a76ae Cortex-a77 Cortex-a78 Cortex-a78ae Cortex-a78c Cortex-x1 Cortex-x1c Cortex-x2 Cortex-x3 Cortex-x4 Cortex-x925 Neoverse-n2 Neoverse-v1 Neoverse-v3 Neoverse-v3ae Neoverse N1
cve-icon MITRE

Status: PUBLISHED

Assigner: Arm

Published:

Updated: 2026-06-09T16:53:49.813Z

Reserved: 2025-09-11T08:50:36.018Z

Link: CVE-2025-10263

cve-icon Vulnrichment

Updated: 2026-06-09T16:53:49.813Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T10:16:33.003

Modified: 2026-06-09T17:16:56.930

Link: CVE-2025-10263

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T17:00:09Z

Weaknesses