PatchSiren

Arm CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Arm CVE published 2026-06-09

CVE-2025-10263

A critical vulnerability has been identified in various Arm processors, including C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A. The vulnerability may allow writes to resources owned by a higher exception level, potentially lead [truncated]

MEDIUM Arm CVE published 2026-05-22

CVE-2026-42627

CVE-2026-42627 is a medium-severity integer overflow vulnerability in Arm ArmNN through 2026-03-27. The flaw resides in `TensorShape::GetNumElements()` within `armnn/Tensor.cpp`, where 32-bit unsigned arithmetic multiplication of tensor dimensions lacks overflow detection. A crafted TFLite model can trigger this overflow, causing `GetNumBytes()` to return an understated buffer size. During the [truncated]

MEDIUM Arm CVE published 2026-04-01

CVE-2026-34871

CVE-2026-34871 is a MEDIUM severity vulnerability in Mbed TLS and TF-PSA-Crypto, with a CVSS score of 6.7. An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).

HIGH Arm CVE published 2026-04-01

CVE-2026-25835

Arm Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 contain a vulnerability in their Pseudo-Random Number Generator (PRNG) implementation where seeds are misused, potentially leading to insufficient entropy or predictable random values. The issue was published on 2026-04-01 and last modified on 2026-06-01. The vulnerability is rated HIGH severity with a CVSS 3.1 score of 7.7 (AV:L/AC:L/PR:N/UI:N/S:U/ [truncated]

Known exploited Arm CVE published 2024-06-12

CVE-2024-4610

CVE-2024-4610 is a use-after-free vulnerability affecting the Arm Mali GPU Kernel Driver. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2024-06-12, which makes it a defensive priority even though the supplied corpus does not provide affected-version details or a public impact breakdown. Organizations using the driver should treat this as urgent and follow Arm’s mitigation guidance [truncated]

Known exploited Arm CVE published 2023-10-03

CVE-2023-4211

CVE-2023-4211 is a use-after-free vulnerability in the Arm Mali GPU Kernel Driver that CISA lists in its Known Exploited Vulnerabilities catalog. Because CISA marked it as known exploited, organizations using affected Arm Mali GPU Kernel Driver deployments should treat remediation as urgent and follow vendor mitigation guidance as soon as possible.

Known exploited Arm CVE published 2023-07-07

CVE-2021-29256

CVE-2021-29256 is an Arm Mali GPU kernel driver use-after-free that CISA added to the Known Exploited Vulnerabilities catalog. The KEV listing means defenders should treat this as an active risk, not just a theoretical bug. The supplied CISA guidance is straightforward: apply vendor updates per vendor instructions, or discontinue use of the product if updates are unavailable. The timeline supplied with th [truncated]

Known exploited Arm CVE published 2023-04-07

CVE-2023-26083

CVE-2023-26083 is an Arm Mali GPU kernel driver information disclosure vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2023-04-07. Because it is KEV-listed, defenders should treat it as a real-world risk rather than a purely theoretical issue. The supplied records do not include a CVSS score, so prioritization should rely on exploitation status and asset exposure. The recom [truncated]

Known exploited Arm CVE published 2023-03-30

CVE-2022-38181

CVE-2022-38181 affects the Arm Mali GPU kernel driver and is described as a use-after-free vulnerability. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2023-03-30, which makes it a priority for remediation. The KEV entry directs defenders to apply updates per vendor instructions.

Known exploited Arm CVE published 2023-03-30

CVE-2022-22706

CVE-2022-22706 affects the Arm Mali GPU kernel driver and is listed in CISA’s Known Exploited Vulnerabilities catalog. That makes it a remediation priority for any environment running affected Arm Mali GPU software, even though the public description is limited and does not provide a technical subtype.

Known exploited Arm CVE published 2021-11-03

CVE-2021-28664

CVE-2021-28664 is a CISA Known Exploited Vulnerability affecting Arm Mali Graphics Processing Unit (GPU) products. CISA added it to the KEV catalog on 2021-11-03 and set a remediation due date of 2021-11-17, so affected fleets should be patched per vendor guidance as a priority.

Known exploited Arm CVE published 2021-11-03

CVE-2021-28663

CVE-2021-28663 is a use-after-free vulnerability affecting the Arm Mali Graphics Processing Unit (GPU). CISA included it in the Known Exploited Vulnerabilities catalog on 2021-11-03, which indicates active exploitation concern and makes timely remediation important.

Known exploited Arm CVE published 2021-11-03

CVE-2021-27562

CVE-2021-27562 is an out-of-bounds write in Arm Trusted Firmware. CISA added it to the Known Exploited Vulnerabilities catalog on 2021-11-03 and set a remediation due date of 2021-11-17, so it should be treated as an urgent patching item for any affected environment.