CVE-2025-10263 Mitigation on Versal Gen 2 (11th June 2026).

Preface: AMD Versal™ AI Edge Series Gen 2 adaptive SoC – These heterogeneous devices are designed to accelerate end-to-end processing (from raw sensor ingestion to AI inference and post-processing) on a single chip. They are built specifically for power and area-constrained embedded systems targeting automotive, aerospace, industrial, and healthcare markets.

Background: In the AMD Versal™ AI Edge Series Gen 2 architecture, the combination of Stage-1 Translation, Stage-2 Translation, and Granule Protection Table (GPT) checks is required to establish Hardware-based Security (Confidential Computing) and Functional Safety (ASIL D / SIL 3).

These three layers of memory management and protection map to specific responsibilities in modern heterogeneous systems:

  • Stage-1 Translation (Virtual to Intermediate Physical Address): Handled by the OS or hypervisor within the Arm CPUs to provide memory virtualization, isolation between user applications, and process-level memory management. [1]
  • Stage-2 Translation (Intermediate Physical to Physical Address): Handled by the hypervisor to manage virtual machines. It ensures guest operating systems can only access the memory regions explicitly allocated to them.
  • Granule Protection Table (GPT) Protection: Because the Versal device has a highly interconnected heterogeneous architecture (CPUs, GPUs, AI Engines, and Programmable Logic), standard MMUs are not enough to protect memory mapped into non-CPU components. GPTs act as a final “hardware gatekeeper” for the physical memory map. They ensure that an untrusted block in the Programmable Logic (FPGA fabric) or a specific AI Engine tile cannot access or overwrite memory assigned to secure/realm OS environments.
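The layering described above can be seen in a small simulation. This is an added example, not code from AMD or Arm: it is a simplified model in which the page size, addresses, table contents and function names are all constructed assumptions, and it only shows which layer rejects which access.

```python
# Simplified model of the three checks. Page size, addresses and table
# contents are constructed for illustration, not taken from any real device.
PAGE = 0x1000

class Fault(Exception):
    """Raised with the name of the layer that rejected the access."""

# Stage 1: per-process VA page -> IPA page (owned by the guest OS).
STAGE1 = {"app_a": {0x10: 0x40},
          "app_b": {0x10: 0x41, 0x11: 0x42, 0x12: 0x43}}
# Stage 2: per-VM IPA page -> PA page (owned by the hypervisor).
STAGE2 = {"vm1": {0x40: 0x80, 0x41: 0x81, 0x42: 0x90}}
# GPT: PA page -> physical address space the granule is assigned to.
GPT = {0x80: "non-secure", 0x81: "non-secure", 0x90: "realm", 0x91: "secure"}

def gpt_check(pa, requester_pas):
    """Final gate: the requester's address space must match the granule's."""
    if GPT.get(pa // PAGE) != requester_pas:
        raise Fault("gpt")
    return pa

def cpu_access(vm, process, va, requester_pas="non-secure"):
    """CPU path: stage 1, then stage 2, then the GPT check on the final PA."""
    page, offset = divmod(va, PAGE)
    ipa_page = STAGE1[process].get(page)
    if ipa_page is None:
        raise Fault("stage1")
    pa_page = STAGE2[vm].get(ipa_page)
    if pa_page is None:
        raise Fault("stage2")
    return gpt_check(pa_page * PAGE + offset, requester_pas)

def fabric_access(pa, requester_pas="non-secure"):
    """Non-CPU master (e.g. a PL block) issuing a physical address directly:
    no CPU MMU stage applies, so the GPT is the only check in this model."""
    return gpt_check(pa, requester_pas)

def outcome(fn, *args):
    """Return the resulting PA as hex, or the layer that faulted."""
    try:
        return hex(fn(*args))
    except Fault as f:
        return f"fault:{f}"
```

In this model a stage-2 table that wrongly maps a guest page onto a realm granule is still stopped at the GPT, which is why a weakness that may bypass any one of the three checks matters for the isolation guarantees listed above.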

Ref: ASIL D (Automotive Safety Integrity Level) and SIL 3 (Safety Integrity Level) are the highest standard requirements for safety-critical systems in the automotive and general industrial sectors, respectively. While they demand equally rigorous risk reduction, they originate from different regulatory frameworks.

Vulnerability details: CVE-2025-10263. According to the ARM® security team, a broadcast Translation Lookaside Buffer Invalidate (TLBI) on another Processing Element (PE) may be completed before affected memory accesses are globally observed. This may permit bypass of Stage-1 translation, Stage-2 translation, or Granule Protection Table (GPT) protection.

Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8021.html
