CVE-2025-0647
BaseFortify
Publication date: 2026-01-14
Last updated on: 2026-01-26
Assigner: Arm Limited
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arm | c1-ultra_firmware | * |
| arm | c1-ultra | * |
| arm | c1-premium_firmware | * |
| arm | c1-premium | * |
| arm | cortex-a710_firmware | * |
| arm | cortex-a710 | * |
| arm | cortex-x2_firmware | * |
| arm | cortex-x2 | * |
| arm | cortex-x3_firmware | * |
| arm | cortex-x3 | * |
| arm | cortex-x4_firmware | * |
| arm | cortex-x4 | * |
| arm | cortex-x925_firmware | * |
| arm | cortex-x925 | * |
| arm | neoverse-v2_firmware | * |
| arm | neoverse-v2 | * |
| arm | neoverse-v3_firmware | * |
| arm | neoverse-v3 | * |
| arm | neoverse-v3ae_firmware | * |
| arm | neoverse-v3ae | * |
| arm | neoverse-n2_firmware | * |
| arm | neoverse-n2 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-226 | The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in certain Arm CPUs where executing a CPP RCTX instruction on one Processing Element (PE) can prevent the Translation Lookaside Buffer (TLB) from being properly invalidated when a TLB Invalidate (TLBI) instruction is issued to that PE. As a result, the PE may keep stale TLB entries that should have been invalidated, potentially causing incorrect memory translations.
How can this vulnerability impact me? :
The impact of this vulnerability is that a Processing Element may retain outdated or stale TLB entries, which can lead to incorrect memory access or security issues due to improper memory translation. This could affect system stability, security, or data integrity depending on how memory management is used in the affected system.