{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0995", "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "state": "PUBLISHED", "assignerShortName": "Arm", "dateReserved": "2026-01-15T15:26:49.754Z", "datePublished": "2026-03-02T14:52:55.859Z", "dateUpdated": "2026-03-02T16:16:02.649Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "C1 Pro", "vendor": "Arm", "versions": [{"lessThan": "r1p2-50eac0", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2026-03-02T14:41:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.</p>"}], "value": "An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "shortName": "Arm", "dateUpdated": "2026-03-02T14:52:55.859Z"}, "references": [{"url": "https://developer.arm.com/documentation/111823"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T16:14:24.107940Z", "id": "CVE-2026-0995", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T16:16:02.649Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-0995", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T16:14:24.107940Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T16:15:31.160Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Arm", "product": "C1 Pro", "versions": [{"status": "affected", "version": "0", "lessThan": "r1p2-50eac0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-02T14:41:00.000Z", "references": [{"url": "https://developer.arm.com/documentation/111823"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.", "supportingMedia": [{"type": "text/html", "value": "<p>An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "shortName": "Arm", "dateUpdated": "2026-03-02T14:52:55.859Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0995", "state": "PUBLISHED", "dateUpdated": "2026-03-02T16:16:02.649Z", "dateReserved": "2026-01-15T15:26:49.754Z", "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "datePublished": "2026-03-02T14:52:55.859Z", "assignerShortName": "Arm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:c1-pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1A1B9E3-D64D-412C-A04C-E17AF995CD87", "versionEndExcluding": "r1p2-50eac0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:c1-pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "B682BB76-044E-416E-930E-19DDBB6DB940", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME."}, {"lang": "es", "value": "Se ha identificado un problema en Arm C1-Pro anterior a r1p2-50eac0, donde, bajo ciertas condiciones, un TLBI+DSB podr\u00eda fallar en garantizar la finalizaci\u00f3n de los accesos a memoria relacionados con SME."}], "id": "CVE-2026-0995", "lastModified": "2026-04-20T12:53:59.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-02T15:16:31.910", "references": [{"source": "arm-security@arm.com", "tags": ["Vendor Advisory"], "url": "https://developer.arm.com/documentation/111823"}], "sourceIdentifier": "arm-security@arm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "arm-security@arm.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,r1p2-50eac0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "C1 Pro", "source": "cna", "vendor": "Arm"}, "product": "c1-pro", "vendor": "arm"}], "analysis": {"en": {"generated_at": "2026-04-16T14:33:21.682106+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update for Arm C1\u2011Pro, which includes a fix for the TLBI+DSB race condition affecting SME memory accesses.", "Review and, if possible, redesign SME\u2011related code paths to enforce explicit memory barriers and ensure correct ordering of memory operations.", "Implement monitoring for abnormal SME activity or data corruption, and prepare a contingency plan to reboot or reset the processor if anomalies are detected."], "summary": {"action": "Assess Impact", "impact": "Inconsistent SME memory access completion due to TLBI+DSB race condition on Arm C1-Pro"}, "threat_synthesis": {"affected_systems": "The Arm C1\u2011Pro processor, specifically firmware versions prior to r1p2\u201150eac0, is affected. No additional product or version details are supplied in the source data.", "description_and_impact": "An issue exists in Arm C1-Pro firmware before r1p2\u201150eac0. During particular operations, the combination of a TLBI (TLB Invalidate) followed by a DSB (Data Synchronization Barrier) may fail to guarantee that all SME (Scalable Matrix Extension) memory accesses are completed before the next instruction. The failure could leave SME data in an incomplete or inconsistent state, potentially leading to data corruption or unpredictable system behavior. This vulnerability is characterized as a race condition (CWE\u2011362). The likely attack vector, inferred from the description, could involve manipulating SME access patterns under the compromised timing conditions, but a publicly documented exploit or remote entry point is not provided.", "risk_and_exploitability": "The CVSS score of 3.6 indicates limited impact, and the EPSS score of less than 1% reflects a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread attacks. The most probable exploitation scenario would require very specific hardware timing conditions and likely an insider or privileged attacker manipulating SME memory accesses, which reduces its overall risk to typical operational environments."}}}}, "created": "2026-03-03T08:44:58.339993+00:00", "title": "Potential SME Memory Access Issue due to TLBI+DSB Failure on Arm C1-Pro", "updated": "2026-04-16T14:45:25.929393+00:00", "vendors": ["arm", "arm$PRODUCT$c1-pro"]}