Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-50354

Publication date:
17/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdkfd: Fix kfd_process_device_init_vm error handling<br /> <br /> Should only destroy the ib_mem and let process cleanup worker to free<br /> the outstanding BOs. Reset the pointer in pdd-&gt;qpd structure, to avoid<br /> NULL pointer access in process destroy worker.<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000010<br /> Call Trace:<br /> amdgpu_amdkfd_gpuvm_unmap_gtt_bo_from_kernel+0x46/0xb0 [amdgpu]<br /> kfd_process_device_destroy_cwsr_dgpu+0x40/0x70 [amdgpu]<br /> kfd_process_destroy_pdds+0x71/0x190 [amdgpu]<br /> kfd_process_wq_release+0x2a2/0x3b0 [amdgpu]<br /> process_one_work+0x2a1/0x600<br /> worker_thread+0x39/0x3d0
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025

CVE-2022-50355

Publication date:
17/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> staging: vt6655: fix some erroneous memory clean-up loops<br /> <br /> In some initialization functions of this driver, memory is allocated with<br /> &amp;#39;i&amp;#39; acting as an index variable and increasing from 0. The commit in<br /> "Fixes" introduces some clean-up codes in case of allocation failure,<br /> which free memory in reverse order with &amp;#39;i&amp;#39; decreasing to 0. However,<br /> there are some problems:<br /> - The case i=0 is left out. Thus memory is leaked.<br /> - In case memory allocation fails right from the start, the memory<br /> freeing loops will start with i=-1 and invalid memory locations will<br /> be accessed.<br /> <br /> One of these loops has been fixed in commit c8ff91535880 ("staging:<br /> vt6655: fix potential memory leak"). Fix the remaining erroneous loops.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025

CVE-2022-50356

Publication date:
17/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: sched: sfb: fix null pointer access issue when sfb_init() fails<br /> <br /> When the default qdisc is sfb, if the qdisc of dev_queue fails to be<br /> inited during mqprio_init(), sfb_reset() is invoked to clear resources.<br /> In this case, the q-&gt;qdisc is NULL, and it will cause gpf issue.<br /> <br /> The process is as follows:<br /> qdisc_create_dflt()<br /> sfb_init()<br /> tcf_block_get() ---&gt;failed, q-&gt;qdisc is NULL<br /> ...<br /> qdisc_put()<br /> ...<br /> sfb_reset()<br /> qdisc_reset(q-&gt;qdisc) ---&gt;q-&gt;qdisc is NULL<br /> ops = qdisc-&gt;ops<br /> <br /> The following is the Call Trace information:<br /> general protection fault, probably for non-canonical address<br /> 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN<br /> KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]<br /> RIP: 0010:qdisc_reset+0x2b/0x6f0<br /> Call Trace:<br /> <br /> sfb_reset+0x37/0xd0<br /> qdisc_reset+0xed/0x6f0<br /> qdisc_destroy+0x82/0x4c0<br /> qdisc_put+0x9e/0xb0<br /> qdisc_create_dflt+0x2c3/0x4a0<br /> mqprio_init+0xa71/0x1760<br /> qdisc_create+0x3eb/0x1000<br /> tc_modify_qdisc+0x408/0x1720<br /> rtnetlink_rcv_msg+0x38e/0xac0<br /> netlink_rcv_skb+0x12d/0x3a0<br /> netlink_unicast+0x4a2/0x740<br /> netlink_sendmsg+0x826/0xcc0<br /> sock_sendmsg+0xc5/0x100<br /> ____sys_sendmsg+0x583/0x690<br /> ___sys_sendmsg+0xe8/0x160<br /> __sys_sendmsg+0xbf/0x160<br /> do_syscall_64+0x35/0x80<br /> entry_SYSCALL_64_after_hwframe+0x46/0xb0<br /> RIP: 0033:0x7f2164122d04<br />
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025

CVE-2022-50357

Publication date:
17/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: dwc3: core: fix some leaks in probe<br /> <br /> The dwc3_get_properties() function calls:<br /> <br /> dwc-&gt;usb_psy = power_supply_get_by_name(usb_psy_name);<br /> <br /> so there is some additional clean up required on these error paths.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025

CVE-2022-50358

Publication date:
17/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> brcmfmac: return error when getting invalid max_flowrings from dongle<br /> <br /> When firmware hit trap at initialization, host will read abnormal<br /> max_flowrings number from dongle, and it will cause kernel panic when<br /> doing iowrite to initialize dongle ring.<br /> To detect this error at early stage, we directly return error when getting<br /> invalid max_flowrings(&gt;256).
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025

CVE-2022-50359

Publication date:
17/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: cx88: Fix a null-ptr-deref bug in buffer_prepare()<br /> <br /> When the driver calls cx88_risc_buffer() to prepare the buffer, the<br /> function call may fail, resulting in a empty buffer and null-ptr-deref<br /> later in buffer_queue().<br /> <br /> The following log can reveal it:<br /> <br /> [ 41.822762] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI<br /> [ 41.824488] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]<br /> [ 41.828027] RIP: 0010:buffer_queue+0xc2/0x500<br /> [ 41.836311] Call Trace:<br /> [ 41.836945] __enqueue_in_driver+0x141/0x360<br /> [ 41.837262] vb2_start_streaming+0x62/0x4a0<br /> [ 41.838216] vb2_core_streamon+0x1da/0x2c0<br /> [ 41.838516] __vb2_init_fileio+0x981/0xbc0<br /> [ 41.839141] __vb2_perform_fileio+0xbf9/0x1120<br /> [ 41.840072] vb2_fop_read+0x20e/0x400<br /> [ 41.840346] v4l2_read+0x215/0x290<br /> [ 41.840603] vfs_read+0x162/0x4c0<br /> <br /> Fix this by checking the return value of cx88_risc_buffer()<br /> <br /> [hverkuil: fix coding style issues]
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025

CVE-2022-50360

Publication date:
17/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/msm/dp: fix aux-bus EP lifetime<br /> <br /> Device-managed resources allocated post component bind must be tied to<br /> the lifetime of the aggregate DRM device or they will not necessarily be<br /> released when binding of the aggregate device is deferred.<br /> <br /> This can lead resource leaks or failure to bind the aggregate device<br /> when binding is later retried and a second attempt to allocate the<br /> resources is made.<br /> <br /> For the DP aux-bus, an attempt to populate the bus a second time will<br /> simply fail ("DP AUX EP device already populated").<br /> <br /> Fix this by tying the lifetime of the EP device to the DRM device rather<br /> than DP controller platform device.<br /> <br /> Patchwork: https://patchwork.freedesktop.org/patch/502672/
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025

CVE-2022-50361

Publication date:
17/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init()<br /> <br /> Fault injection test reports this issue:<br /> <br /> kernel BUG at net/core/dev.c:10731!<br /> invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI<br /> Call Trace:<br /> <br /> wilc_netdev_ifc_init+0x19f/0x220 [wilc1000 884bf126e9e98af6a708f266a8dffd53f99e4bf5]<br /> wilc_cfg80211_init+0x30c/0x380 [wilc1000 884bf126e9e98af6a708f266a8dffd53f99e4bf5]<br /> wilc_bus_probe+0xad/0x2b0 [wilc1000_spi 1520a7539b6589cc6cde2ae826a523a33f8bacff]<br /> spi_probe+0xe4/0x140<br /> really_probe+0x17e/0x3f0<br /> __driver_probe_device+0xe3/0x170<br /> driver_probe_device+0x49/0x120<br /> <br /> The root case here is alloc_ordered_workqueue() fails, but<br /> cfg80211_unregister_netdevice() or unregister_netdev() not be called in<br /> error handling path. To fix add unregister_netdev goto lable to add the<br /> unregister operation in error handling path.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025

CVE-2022-50362

Publication date:
17/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: hisilicon: Add multi-thread support for a DMA channel<br /> <br /> When we get a DMA channel and try to use it in multiple threads it<br /> will cause oops and hanging the system.<br /> <br /> % echo 100 &gt; /sys/module/dmatest/parameters/threads_per_chan<br /> % echo 100 &gt; /sys/module/dmatest/parameters/iterations<br /> % echo 1 &gt; /sys/module/dmatest/parameters/run<br /> [383493.327077] Unable to handle kernel paging request at virtual<br /> address dead000000000108<br /> [383493.335103] Mem abort info:<br /> [383493.335103] ESR = 0x96000044<br /> [383493.335105] EC = 0x25: DABT (current EL), IL = 32 bits<br /> [383493.335107] SET = 0, FnV = 0<br /> [383493.335108] EA = 0, S1PTW = 0<br /> [383493.335109] FSC = 0x04: level 0 translation fault<br /> [383493.335110] Data abort info:<br /> [383493.335111] ISV = 0, ISS = 0x00000044<br /> [383493.364739] CM = 0, WnR = 1<br /> [383493.367793] [dead000000000108] address between user and kernel<br /> address ranges<br /> [383493.375021] Internal error: Oops: 96000044 [#1] PREEMPT SMP<br /> [383493.437574] CPU: 63 PID: 27895 Comm: dma0chan0-copy2 Kdump:<br /> loaded Tainted: GO 5.17.0-rc4+ #2<br /> [383493.457851] pstate: 204000c9 (nzCv daIF +PAN -UAO -TCO -DIT<br /> -SSBS BTYPE=--)<br /> [383493.465331] pc : vchan_tx_submit+0x64/0xa0<br /> [383493.469957] lr : vchan_tx_submit+0x34/0xa0<br /> <br /> This occurs because the transmission timed out, and that&amp;#39;s due<br /> to data race. Each thread rewrite channels&amp;#39;s descriptor as soon as<br /> device_issue_pending is called. It leads to the situation that<br /> the driver thinks that it uses the right descriptor in interrupt<br /> handler while channels&amp;#39;s descriptor has been changed by other<br /> thread. The descriptor which in fact reported interrupt will not<br /> be handled any more, as well as its tx-&gt;callback.<br /> That&amp;#39;s why timeout reports.<br /> <br /> With current fixes channels&amp;#39; descriptor changes it&amp;#39;s value only<br /> when it has been used. A new descriptor is acquired from<br /> vc-&gt;desc_issued queue that is already filled with descriptors<br /> that are ready to be sent. Threads have no direct access to DMA<br /> channel descriptor. In case of channel&amp;#39;s descriptor is busy, try<br /> to submit to HW again when a descriptor is completed. In this case,<br /> vc-&gt;desc_issued may be empty when hisi_dma_start_transfer is called,<br /> so delete error reporting on this. Now it is just possible to queue<br /> a descriptor for further processing.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025

CVE-2022-50353

Publication date:
17/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mmc: wmt-sdmmc: fix return value check of mmc_add_host()<br /> <br /> mmc_add_host() may return error, if we ignore its return value, the memory<br /> that allocated in mmc_alloc_host() will be leaked and it will lead a kernel<br /> crash because of deleting not added device in the remove path.<br /> <br /> So fix this by checking the return value and goto error path which will call<br /> mmc_free_host(), besides, clk_disable_unprepare() also needs be called.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025

CVE-2025-59474

Publication date:
17/09/2025
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025

CVE-2025-59475

Publication date:
17/09/2025
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu (e.g., whether Credentials Plugin is installed).
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025