Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-23180
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dpaa2-switch: add bounds check for if_id in IRQ handler<br /> <br /> The IRQ handler extracts if_id from the upper 16 bits of the hardware<br /> status register and uses it to index into ethsw-&gt;ports[] without<br /> validation. Since if_id can be any 16-bit value (0-65535) but the ports<br /> array is only allocated with sw_attr.num_ifs elements, this can lead to<br /> an out-of-bounds read potentially.<br /> <br /> Add a bounds check before accessing the array, consistent with the<br /> existing validation in dpaa2_switch_rx().
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026

CVE-2026-23181
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: sync read disk super and set block size<br /> <br /> When the user performs a btrfs mount, the block device is not set<br /> correctly. The user sets the block size of the block device to 0x4000<br /> by executing the BLKBSZSET command.<br /> Since the block size change also changes the mapping-&gt;flags value, this<br /> further affects the result of the mapping_min_folio_order() calculation.<br /> <br /> Let&amp;#39;s analyze the following two scenarios:<br /> <br /> Scenario 1: Without executing the BLKBSZSET command, the block size is<br /> 0x1000, and mapping_min_folio_order() returns 0;<br /> <br /> Scenario 2: After executing the BLKBSZSET command, the block size is<br /> 0x4000, and mapping_min_folio_order() returns 2.<br /> <br /> do_read_cache_folio() allocates a folio before the BLKBSZSET command<br /> is executed. This results in the allocated folio having an order value<br /> of 0. Later, after BLKBSZSET is executed, the block size increases to<br /> 0x4000, and the mapping_min_folio_order() calculation result becomes 2.<br /> <br /> This leads to two undesirable consequences:<br /> <br /> 1. filemap_add_folio() triggers a VM_BUG_ON_FOLIO(folio_order(folio)
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026

CVE-2026-23182
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: tegra: Fix a memory leak in tegra_slink_probe()<br /> <br /> In tegra_slink_probe(), when platform_get_irq() fails, it directly<br /> returns from the function with an error code, which causes a memory leak.<br /> <br /> Replace it with a goto label to ensure proper cleanup.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026

CVE-2025-71203
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> riscv: Sanitize syscall table indexing under speculation<br /> <br /> The syscall number is a user-controlled value used to index into the<br /> syscall table. Use array_index_nospec() to clamp this value after the<br /> bounds check to prevent speculative out-of-bounds access and subsequent<br /> data leakage via cache side channels.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026

CVE-2025-71204
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb/server: fix refcount leak in parse_durable_handle_context()<br /> <br /> When the command is a replay operation and -ENOEXEC is returned,<br /> the refcount of ksmbd_file must be released.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026

CVE-2025-71220
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()<br /> <br /> When ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close().
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026

CVE-2025-71221
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()<br /> <br /> Add proper locking in mmp_pdma_residue() to prevent use-after-free when<br /> accessing descriptor list and descriptor contents.<br /> <br /> The race occurs when multiple threads call tx_status() while the tasklet<br /> on another CPU is freeing completed descriptors:<br /> <br /> CPU 0 CPU 1<br /> ----- -----<br /> mmp_pdma_tx_status()<br /> mmp_pdma_residue()<br /> -&gt; NO LOCK held<br /> list_for_each_entry(sw, ..)<br /> DMA interrupt<br /> dma_do_tasklet()<br /> -&gt; spin_lock(&amp;desc_lock)<br /> list_move(sw-&gt;node, ...)<br /> spin_unlock(&amp;desc_lock)<br /> | dma_pool_free(sw) access sw-&gt;desc 1).<br /> <br /> Fix by protecting the chain_running list iteration and descriptor access<br /> with the chan-&gt;desc_lock spinlock.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026

CVE-2025-71222
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: wlcore: ensure skb headroom before skb_push<br /> <br /> This avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is<br /> less than needed (typically 110 - 94 = 16 bytes).
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026

CVE-2025-71223
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb/server: fix refcount leak in smb2_open()<br /> <br /> When ksmbd_vfs_getattr() fails, the reference count of ksmbd_file<br /> must be released.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026

CVE-2025-71224
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: mac80211: ocb: skip rx_no_sta when interface is not joined<br /> <br /> ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only<br /> present after JOIN_OCB.<br /> <br /> RX may run before JOIN_OCB is executed, in which case the OCB interface<br /> is not operational. Skip RX peer handling when the interface is not<br /> joined to avoid warnings in the RX path.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026

CVE-2026-23168
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> flex_proportions: make fprop_new_period() hardirq safe<br /> <br /> Bernd has reported a lockdep splat from flexible proportions code that is<br /> essentially complaining about the following race:<br /> <br /> <br /> run_timer_softirq - we are in softirq context<br /> call_timer_fn<br /> writeout_period<br /> fprop_new_period<br /> write_seqcount_begin(&amp;p-&gt;sequence);<br /> <br /> <br /> ...<br /> blk_mq_end_request()<br /> blk_update_request()<br /> ext4_end_bio()<br /> folio_end_writeback()<br /> __wb_writeout_add()<br /> __fprop_add_percpu_max()<br /> if (unlikely(max_frac sequence);<br /> - sees odd sequence so loops indefinitely<br /> <br /> Note that a deadlock like this is only possible if the bdi has configured<br /> maximum fraction of writeout throughput which is very rare in general but<br /> frequent for example for FUSE bdis. To fix this problem we have to make<br /> sure write section of the sequence counter is irqsafe.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026

CVE-2026-23169
Publication date:
14/02/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()<br /> <br /> syzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id()<br /> and/or mptcp_pm_nl_is_backup()<br /> <br /> Root cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit()<br /> which is not RCU ready.<br /> <br /> list_splice_init_rcu() can not be called here while holding pernet-&gt;lock<br /> spinlock.<br /> <br /> Many thanks to Eulgyu Kim for providing a repro and testing our patches.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2026
Subscribe to Vulnerabilities