Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-23177
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm, shmem: prevent infinite loop on truncate race<br /> <br /> When truncating a large swap entry, shmem_free_swap() returns 0 when the<br /> entry&amp;#39;s index doesn&amp;#39;t match the given index due to lookup alignment. The<br /> failure fallback path checks if the entry crosses the end border and<br /> aborts when it happens, so truncate won&amp;#39;t erase an unexpected entry or<br /> range. But one scenario was ignored.<br /> <br /> When `index` points to the middle of a large swap entry, and the large<br /> swap entry doesn&amp;#39;t go across the end border, find_get_entries() will<br /> return that large swap entry as the first item in the batch with<br /> `indices[0]` equal to `index`. The entry&amp;#39;s base index will be smaller<br /> than `indices[0]`, so shmem_free_swap() will fail and return 0 due to the<br /> "base
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2026-23178
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()<br /> <br /> `i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data<br /> into `ihid-&gt;rawbuf`.<br /> <br /> The former can come from the userspace in the hidraw driver and is only<br /> bounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also set<br /> `max_buffer_size` field of `struct hid_ll_driver` which we do not).<br /> <br /> The latter has size determined at runtime by the maximum size of<br /> different report types you could receive on any particular device and<br /> can be a much smaller value.<br /> <br /> Fix this by truncating `recv_len` to `ihid-&gt;bufsize - sizeof(__le16)`.<br /> <br /> The impact is low since access to hidraw devices requires root.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2026-23179
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()<br /> <br /> When the socket is closed while in TCP_LISTEN a callback is run to<br /> flush all outstanding packets, which in turns calls<br /> nvmet_tcp_listen_data_ready() with the sk_callback_lock held.<br /> So we need to check if we are in TCP_LISTEN before attempting<br /> to get the sk_callback_lock() to avoid a deadlock.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2026-23180
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dpaa2-switch: add bounds check for if_id in IRQ handler<br /> <br /> The IRQ handler extracts if_id from the upper 16 bits of the hardware<br /> status register and uses it to index into ethsw-&gt;ports[] without<br /> validation. Since if_id can be any 16-bit value (0-65535) but the ports<br /> array is only allocated with sw_attr.num_ifs elements, this can lead to<br /> an out-of-bounds read potentially.<br /> <br /> Add a bounds check before accessing the array, consistent with the<br /> existing validation in dpaa2_switch_rx().
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2026-23181
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: sync read disk super and set block size<br /> <br /> When the user performs a btrfs mount, the block device is not set<br /> correctly. The user sets the block size of the block device to 0x4000<br /> by executing the BLKBSZSET command.<br /> Since the block size change also changes the mapping-&gt;flags value, this<br /> further affects the result of the mapping_min_folio_order() calculation.<br /> <br /> Let&amp;#39;s analyze the following two scenarios:<br /> <br /> Scenario 1: Without executing the BLKBSZSET command, the block size is<br /> 0x1000, and mapping_min_folio_order() returns 0;<br /> <br /> Scenario 2: After executing the BLKBSZSET command, the block size is<br /> 0x4000, and mapping_min_folio_order() returns 2.<br /> <br /> do_read_cache_folio() allocates a folio before the BLKBSZSET command<br /> is executed. This results in the allocated folio having an order value<br /> of 0. Later, after BLKBSZSET is executed, the block size increases to<br /> 0x4000, and the mapping_min_folio_order() calculation result becomes 2.<br /> <br /> This leads to two undesirable consequences:<br /> <br /> 1. filemap_add_folio() triggers a VM_BUG_ON_FOLIO(folio_order(folio)
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2026-23182
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: tegra: Fix a memory leak in tegra_slink_probe()<br /> <br /> In tegra_slink_probe(), when platform_get_irq() fails, it directly<br /> returns from the function with an error code, which causes a memory leak.<br /> <br /> Replace it with a goto label to ensure proper cleanup.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-71223
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb/server: fix refcount leak in smb2_open()<br /> <br /> When ksmbd_vfs_getattr() fails, the reference count of ksmbd_file<br /> must be released.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2026

CVE-2025-71204
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb/server: fix refcount leak in parse_durable_handle_context()<br /> <br /> When the command is a replay operation and -ENOEXEC is returned,<br /> the refcount of ksmbd_file must be released.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2026

CVE-2025-71222
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: wlcore: ensure skb headroom before skb_push<br /> <br /> This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is<br /> less than needed (typically 110 - 94 = 16 bytes).
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2026

CVE-2025-71220
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()<br /> <br /> When ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close().
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2026

CVE-2025-71203
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> riscv: Sanitize syscall table indexing under speculation<br /> <br /> The syscall number is a user-controlled value used to index into the<br /> syscall table. Use array_index_nospec() to clamp this value after the<br /> bounds check to prevent speculative out-of-bounds access and subsequent<br /> data leakage via cache side channels.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-71221
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()<br /> <br /> Add proper locking in mmp_pdma_residue() to prevent use-after-free when<br /> accessing descriptor list and descriptor contents.<br /> <br /> The race occurs when multiple threads call tx_status() while the tasklet<br /> on another CPU is freeing completed descriptors:<br /> <br /> CPU 0 CPU 1<br /> ----- -----<br /> mmp_pdma_tx_status()<br /> mmp_pdma_residue()<br /> -&gt; NO LOCK held<br /> list_for_each_entry(sw, ..)<br /> DMA interrupt<br /> dma_do_tasklet()<br /> -&gt; spin_lock(&amp;desc_lock)<br /> list_move(sw-&gt;node, ...)<br /> spin_unlock(&amp;desc_lock)<br /> | dma_pool_free(sw) access sw-&gt;desc 1).<br /> <br /> Fix by protecting the chain_running list iteration and descriptor access<br /> with the chan-&gt;desc_lock spinlock.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026
Subscribe to Vulnerabilities