These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-43350 is a Linux kernel SMB/CIFS client memory-safety issue in the DACL parsing path. A malicious server can return an ACE whose SID is short enough to match the special NFS mode SID check, but still lacks the third subauthority that the code later reads. That can drive an out-of-bounds read past the end of the ACE when mode bits are recovered.
CVE-2026-43347 is a Linux kernel arm64 device-tree issue affecting Qualcomm Monaco-based platforms. According to the CVE record, firmware only reserved part of the Gunyah metadata area, leaving the rest available as conventional memory; the kernel could then allocate from hypervisor-owned pages and trigger synchronous external aborts and crashes. The fix reserves the full 512 KiB region and marks it no-ma [truncated]
CVE-2026-43345 is a Linux kernel availability issue in the IPA/GSI path for IPA v5.0+. A register-definition mistake left the event ring index unprogrammed, so transfer completions could stop signaling entirely. In practice, that could make gsi_channel_trans_quiesce() wait forever and hang runtime suspend, system suspend, remoteproc stop, and the IPA data path itself.
CVE-2026-43341 is a Linux kernel vulnerability in net/ipv6 ioam6 trace filling where a schema-length value could wrap around and defeat a remaining-space check. The resulting cursor miscalculation could allow writes past the trace buffer, and the upstream fix keeps the length in a wider integer type so the size checks and cursor math use the full value.
CVE-2026-43339 is a Linux kernel IPv6 use-after-free issue in addrconf_permanent_addr(). According to the published description, the helper tried to warn about an exceptional condition, but the warning was issued too late and accessed the ipv6 data after it may already have been deleted. The fix reorders the logic and moves the warning outside idev->lock, reducing the chance of dereferencing freed memory.