CVE-2026-0995 - Vulnerability Details - OpenCVE

An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Arm

C1 Pro

unaffected

Version	Status	Constraints
`0`	affected	< r1p2-50eac0

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://developer.arm.com/documentation/111823

History

Mon, 02 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.
Weaknesses		CWE-362
References		https://developer.arm.com/documentation/111823

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Arm

Published: 2026-03-02T14:52:55.859Z

Updated: 2026-03-02T16:16:02.649Z

Reserved: 2026-01-15T15:26:49.754Z

Link: CVE-2026-0995

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-02T15:16:31.910

Modified: 2026-03-02T15:16:31.910

Link: CVE-2026-0995

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-362

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0995", "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "state": "PUBLISHED", "assignerShortName": "Arm", "dateReserved": "2026-01-15T15:26:49.754Z", "datePublished": "2026-03-02T14:52:55.859Z", "dateUpdated": "2026-03-02T16:16:02.649Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "C1 Pro", "vendor": "Arm", "versions": [{"lessThan": "r1p2-50eac0", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2026-03-02T14:41:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.</p>"}], "value": "An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "shortName": "Arm", "dateUpdated": "2026-03-02T14:52:55.859Z"}, "references": [{"url": "https://developer.arm.com/documentation/111823"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T16:14:24.107940Z", "id": "CVE-2026-0995", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T16:16:02.649Z"}}]}}