Greg Kroah-Hartman released Linux kernel 7.1.1 on June 19, 2026, at 13:50 UTC+2, just five days after Linus Torvalds unleashed the 7.1 mainline. The lightning-fast point release carries a single mission-critical payload: a patch for CVE-2025-10263, a dangerous TLB invalidation erratum that affects a broad set of Arm processors, including Microsoft’s custom Azure Cobalt 100 chip and NVIDIA’s Olympus platform. The vulnerability, which could allow local attackers to read sensitive memory or escalate privileges, forced kernel maintainers to truncate the usual stabilization cycle to get the fix into users’ hands.
The 7.1 series had barely hit the mirrors on June 14 when reports began circulating about a hardware bug that undermined a cornerstone of modern CPU security—the translation lookaside buffer (TLB). By Thursday, Greg Kroah-Hartman had already cherry-picked the relevant commits from the arm64 tree and stamped the 7.1.1 tarball, urging all Arm-based server and cloud operators to upgrade without delay.
The TLB Invalidation Pitfall
TLBs are tiny, high-speed caches inside the CPU that hold recent virtual-to-physical address translations. Whenever the operating system changes a page table entry—say, when a process unmaps memory or the kernel modifies access permissions—it must issue a TLB invalidation (TLBI) instruction. That instruction ensures that stale translations are purged from all CPU cores, preventing a thread from accessing memory it should no longer be able to see.
CVE-2025-10263 arises because certain Arm implementations, when executing a specific sequence of TLBI operations, fail to fully invalidate all entries under some microarchitectural conditions. The remnants can leave behind a ghost translation pointing to a page now assigned to another process or even to kernel memory. A malicious actor running unprivileged code could manipulate the timing and pattern of memory mappings to trick the CPU into using that stale translation, effectively reading or writing data across security boundaries.
Security researchers believe the bug is not trivial to exploit remotely, but it poses a significant threat in multi-tenant environments like cloud VMs and container platforms. An attacker with a foothold in one guest VM could potentially spy on the memory of a neighboring VM or the hypervisor itself, breaking the fundamental isolation guarantees of virtualized infrastructure.
The Affected Hardware: Microsoft, NVIDIA, and Beyond
The public disclosure singles out three broad categories, but the common thread is that they all use recent Arm Neoverse-derived cores:
- Microsoft Azure Cobalt 100: The 128-core Arm v9 chip, built on a Neoverse N2 design, powers Microsoft’s own cloud services and the Cobalt VM family. Already deployed in dozens of Azure regions, these processors form the backbone of many internal workloads, including parts of Microsoft 365 and Azure SQL. A reliable TLB escape here would be catastrophic for Microsoft’s cloud security posture.
- NVIDIA Olympus: While not a consumer-facing product name, Olympus refers to the Grace-based CPU complex integrated into NVIDIA’s GH200 and GB200 superchips. These 72-core Neoverse V2 CPUs are paired with Hopper or Blackwell GPUs and are rapidly populating AI data centers. Their high-speed interconnects and shared memory pools make TLB coherence a critical concern.
- Other Arm CPUs: The errata document points to a range of Cortex-X and Cortex-A cores used in smartphones, tablets, and laptops, as well as Neoverse E-series cores in edge and embedded gear. The specific vulnerability appears to require an implementation detail present in multiple Arm licensees’ microarchitectures, so a precise list is not yet available, but the scope is wide enough to warrant an immediate kernel fix.
Dissecting the Fix
Greg Kroah-Hartman’s 7.1.1 tag merges a single patch series that had been cooking in the arm64 repository for the past week. The core change modifies the kernel’s __tlbi routines to insert a DSB (Data Synchronization Barrier) and an ISB (Instruction Synchronization Barrier) around the problematic TLB maintenance sequence, forcing a full drain of the store buffer and pipeline before and after the invalidation. This ensures that no stale entries can survive the operation, at the cost of a few dozen CPU cycles per call.
Additionally, the patch introduces a new Arm errata workaround flag (ARM64_ERRATUM_2571023) that, when enabled, programs a chicken bit in specific implementation-defined registers to disable the microarchitectural optimization that triggers the bug. The combination of software barriers and hardware mitigation closes the window entirely.
The sequence of commits looks straightforward but carries profound implications:
- arm64: tlb: Add DSB ISHST before TLBI in __flush_tlb_range()
- arm64: errata: Add workaround for Arm erratum 2571023
- arm64: Enable workaround for CVE-2025-10263 by default
The third commit flips the switch: all arm64 kernels from 7.1.1 onward will automatically apply the workaround on affected CPUs, identified by their MIDR (Main ID Register) values. Distributions and device vendors can fine-tune the enabling logic, but the default is maximum security over marginal performance.
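MIDR-based matching, as described above, comes down to decoding a few bit fields and comparing a revision range. The sketch below is an added example, not code from the kernel or the patch series: the helper names are hypothetical, the r0p0 to r0p3 range is a constructed placeholder (the article notes that no precise revision list exists yet), and 0xd49 is the Neoverse N2 part number.

```sh
#!/bin/sh
# Added example: decode MIDR_EL1 and test it against a revision range.
# Helper names are hypothetical; the range used at the bottom is a placeholder.

# MIDR_EL1 layout:
#   implementer[31:24] variant[23:20] architecture[19:16] partnum[15:4] revision[3:0]
midr_field() {   # usage: midr_field <midr> <shift> <mask>
    echo $(( ($1 >> $2) & $3 ))
}

# Print implementer, part number and the rNpM revision (variant = N, revision = M).
midr_describe() {
    printf 'impl=0x%02x part=0x%03x r%dp%d\n' \
        "$(midr_field "$1" 24 0xff)" "$(midr_field "$1" 4 0xfff)" \
        "$(midr_field "$1" 20 0xf)"  "$(midr_field "$1" 0 0xf)"
}

# usage: midr_in_range <midr> <impl> <part> <min_var> <min_rev> <max_var> <max_rev>
# Succeeds when implementer and part match and rNpM lies inside [min, max].
midr_in_range() {
    [ "$(midr_field "$1" 24 0xff)" -eq $(( $2 )) ] || return 1
    [ "$(midr_field "$1" 4 0xfff)" -eq $(( $3 )) ] || return 1
    rv=$(( $(midr_field "$1" 20 0xf) * 16 + $(midr_field "$1" 0 0xf) ))
    [ "$rv" -ge $(( $4 * 16 + $5 )) ] && [ "$rv" -le $(( $6 * 16 + $7 )) ]
}

# arm64 Linux exposes the register in sysfs; elsewhere fall back to a
# constructed sample value (Arm implementer 0x41, Neoverse N2, r0p0).
f=/sys/devices/system/cpu/cpu0/regs/identification/midr_el1
if [ -r "$f" ]; then midr=$(cat "$f"); else midr=0x410fd490; fi
midr_describe "$midr"

# Placeholder range r0p0..r0p3 for illustration only.
if midr_in_range "$midr" 0x41 0xd49 0 0 0 3; then
    echo "MIDR $midr is inside the placeholder range"
else
    echo "MIDR $midr is outside the placeholder range"
fi
```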
Impact on Cloud and Enterprise Deployments
For Azure administrators, the pressure is on to roll out the fix. Microsoft’s own Linux images for Cobalt 100 instances are expected to be updated within hours of the kernel release. The Azure Security Team issued an advisory (AZURE-2026-06-001) recommending immediate patching of all guest VMs and hypervisor kernels running on Cobalt-based hosts. Amazon’s Graviton and Google’s Axion chips are based on Neoverse cores as well, but they are not explicitly named in the CVE advisory; whether they share the same errata is still being investigated. AWS has not yet released a statement.
NVIDIA’s Olympus platform presents a different challenge. Many AI clusters run immutable, purpose-built operating systems tightly coupled with CUDA drivers. Patching the kernel in-place on hundreds of nodes without disrupting training jobs is non-trivial. NVIDIA’s deployment guide suggests applying the kernel update during a maintenance window and then rebuilding the containerized runtime stacks. The company is also working on a firmware update that will apply the barrier sequences transparently at the hardware level, but that will take weeks to distribute.
For individual Arm laptop or SBC users, the risk is lower—but not zero. Malware that exploits this bug would need to run native code on the device, but such exploits could be bundled into seemingly benign applications. Linux distributions like Fedora, Ubuntu, and Arch Linux are already spinning new kernel packages. Ubuntu’s Canonical Kernel Team noted that the 7.1.1 packages will be available in all supported releases via the Ubuntu Mainline PPA by June 20.
A History of TLB-Targeting Attacks
CVE-2025-10263 is not the first time TLB mismanagement has appeared as a security boundary violation. The infamous “Meltdown” and “Spectre” vulnerabilities exploited speculative execution rather than TLBs directly, but later research—such as “TLBleed” in 2018—showed that timing differences in TLB sharing between hyper-threads could leak encryption keys. The present bug is more fundamental: an actual failure to invalidate translations, not just a side channel.
Arm’s architecture has always included explicit TLB maintenance instructions, and the Linux kernel has handled them with care. However, as CPU cores grow larger and more complex, with multiple levels of TLB caching and prefetch buffers, the verification that every path correctly drains every microarchitectural state becomes extraordinarily difficult. This erratum is a sobering reminder that even the most carefully designed specification can harbor bugs when silicon meets reality.
What Should Users Do Now?
- Check your kernel version: uname -r should return 7.1.1 or higher. If you are on an Arm system and still running a pre-7.1.1 kernel, update immediately.
- Verify the workaround is active: On systems where the workaround is applied, the kernel log (dmesg) will contain the line "Alternative: enabling workaround for erratum 25710263". You can also check /sys/devices/system/cpu/vulnerabilities/ for a new entry related to CVE-2025-10263.
- Expect a small performance impact: The additional barriers add a few microseconds to context-switch and mmap-heavy operations. Benchmarks show a 0.3–1.2% overhead on database transactional workloads. For most users, this is negligible compared to the security benefit.
- Monitor for broader mitigations: Arm Holdings is expected to issue a formal erratum document (UXM002571023) detailing the exact revisions affected. Motherboard and hypervisor vendors may incorporate microcode or firmware updates that will eventually allow the kernel to remove the chicken bit, restoring full performance.
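The first two checks in the list above can be scripted for a fleet. This is an added example, not tooling shipped with the kernel or any distribution: the function names are hypothetical, and the log pattern is taken from the message wording quoted in the list.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, not part of any kernel tooling.

# Turn a release string such as "7.1.1-arch1-1" into a comparable integer.
ver_key() {
    v=${1%%[!0-9.]*}               # drop any suffix after MAJOR.MINOR.PATCH
    IFS=. read -r a b c _ <<EOF
$v
EOF
    echo $(( ${a:-0} * 1000000 + ${b:-0} * 1000 + ${c:-0} ))
}

# Succeeds when release $1 is at least version $2.
kernel_at_least() {
    [ "$(ver_key "$1")" -ge "$(ver_key "$2")" ]
}

# Reads kernel log text on stdin and prints each erratum number the kernel
# reports enabling, using the message wording quoted in the article.
workarounds_in_log() {
    sed -n 's/.*enabling workaround for erratum \([0-9][0-9]*\).*/\1/p' | sort -u
}

audit() {
    rel=$(uname -r)
    if [ "$(uname -m)" != aarch64 ]; then
        echo "not an arm64 host, nothing to check"
        return 0
    fi
    if kernel_at_least "$rel" 7.1.1; then
        echo "kernel $rel: at or above 7.1.1"
    else
        echo "kernel $rel: older than 7.1.1, update required"
    fi
    found=$(dmesg 2>/dev/null | workarounds_in_log)   # reading dmesg may need root
    echo "erratum workarounds logged: ${found:-none found}"
    dir=/sys/devices/system/cpu/vulnerabilities
    # Print every entry so a newly added one shows up next to the known ones.
    if [ -d "$dir" ]; then grep . "$dir"/* 2>/dev/null; fi
    return 0
}

# Run the checks only when asked, so the helpers can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it as `sh check-7.1.1.sh --audit` (the file name is arbitrary); an empty "workarounds logged" result on an old boot can simply mean the message has rotated out of the kernel ring buffer.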
The Wider Linux 7.1 Picture
Linux 7.1 itself arrived with a raft of improvements, including better sched_ext scheduling, native Bcachefs repair tools, and initial Rust support for block drivers. The 7.1.1 release, typically a calm collection of minor fixes, instead became a vehicle for urgent security. Linus Torvalds noted in the 7.1 announcement that the merge window had been “surprisingly smooth,” but the Arm TLB issue emerged too late to catch before the final release candidate.
Greg Kroah-Hartman’s willingness to fast-track the fix underlines the collaborative nature of the kernel community. Arm’s hardware engineers, Linux arm64 maintainers Catalin Marinas and Will Deacon, and Greg himself worked in a tight feedback loop to validate the patches across dozens of hardware platforms before the point release. The entire process, from initial private report to public fix, took less than two weeks—a testament to the maturity of the vulnerability disclosure and mitigation pipeline built over decades.
Looking Ahead
As cloud providers continue to invest in Arm-based compute, hardware errata like this will only become more visible. Each new generation of cores brings architectural innovations that can introduce subtle bugs. The Linux kernel’s ability to absorb and distribute fixes quickly remains the first line of defense. For administrators, staying current with stable point releases is no longer just about stability; it is an essential security practice.
Microsoft and NVIDIA have both committed to upstreaming any additional mitigations they develop, and Arm is refining its validation suites to catch TLB invalidation failures earlier in the design phase. In the meantime, the 7.1.1 kernel stands as a silent guardian, ensuring that when a process thinks it has locked a door, it truly has.