M2team CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW M2team CVE published 2026-05-12

CVE-2026-42443

CVE-2026-42443 is a local denial-of-service issue in NanaZip’s UFS/UFS2 filesystem image parser. A crafted UFS image can set the superblock field fs_ipg to zero, and the parser uses that value as a divisor without validation, causing an immediate divide-by-zero trap and process crash. The issue is fixed in NanaZip 6.0.1698.0.

LOW M2team CVE published 2026-05-12

CVE-2026-42442

CVE-2026-42442 is a low-severity denial-of-service issue in NanaZip’s UFS/UFS2 filesystem image parser. A crafted UFS image can trigger a null-pointer dereference when the parser opens a root inode that is marked as a symlink instead of a directory. The issue is fixed in NanaZip 6.0.1698.0.