Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-40992
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/rxe: Fix responder length checking for UD request packets<br /> <br /> According to the IBA specification:<br /> If a UD request packet is detected with an invalid length, the request<br /> shall be an invalid request and it shall be silently dropped by<br /> the responder. The responder then waits for a new request packet.<br /> <br /> commit 689c5421bfe0 ("RDMA/rxe: Fix incorrect responder length checking")<br /> defers responder length check for UD QPs in function `copy_data`.<br /> But it introduces a regression issue for UD QPs.<br /> <br /> When the packet size is too large to fit in the receive buffer.<br /> `copy_data` will return error code -EINVAL. Then `send_data_in`<br /> will return RESPST_ERR_MALFORMED_WQE. UD QP will transfer into<br /> ERROR state.
Severity CVSS v4.0: Pending analysis
Last modification:
07/10/2025

CVE-2024-40997
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cpufreq: amd-pstate: fix memory leak on CPU EPP exit<br /> <br /> The cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is<br /> not freed in the analogous exit function, so fix that.<br /> <br /> [ rjw: Subject and changelog edits ]
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2024

CVE-2024-40998
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: fix uninitialized ratelimit_state-&gt;lock access in __ext4_fill_super()<br /> <br /> In the following concurrency we will access the uninitialized rs-&gt;lock:<br /> <br /> ext4_fill_super<br /> ext4_register_sysfs<br /> // sysfs registered msg_ratelimit_interval_ms<br /> // Other processes modify rs-&gt;interval to<br /> // non-zero via msg_ratelimit_interval_ms<br /> ext4_orphan_cleanup<br /> ext4_msg(sb, KERN_INFO, "Errors on filesystem, "<br /> __ext4_msg<br /> ___ratelimit(&amp;(EXT4_SB(sb)-&gt;s_msg_ratelimit_state)<br /> if (!rs-&gt;interval) // do nothing if interval is 0<br /> return 1;<br /> raw_spin_trylock_irqsave(&amp;rs-&gt;lock, flags)<br /> raw_spin_trylock(lock)<br /> _raw_spin_trylock<br /> __raw_spin_trylock<br /> spin_acquire(&amp;lock-&gt;dep_map, 0, 1, _RET_IP_)<br /> lock_acquire<br /> __lock_acquire<br /> register_lock_class<br /> assign_lock_key<br /> dump_stack();<br /> ratelimit_state_init(&amp;sbi-&gt;s_msg_ratelimit_state, 5 * HZ, 10);<br /> raw_spin_lock_init(&amp;rs-&gt;lock);<br /> // init rs-&gt;lock here<br /> <br /> and get the following dump_stack:<br /> <br /> =========================================================<br /> INFO: trying to register non-static key.<br /> The code is fine but needs lockdep annotation, or maybe<br /> you didn&amp;#39;t initialize this object before use?<br /> turning off the locking correctness validator.<br /> CPU: 12 PID: 753 Comm: mount Tainted: G E 6.7.0-rc6-next-20231222 #504<br /> [...]<br /> Call Trace:<br /> dump_stack_lvl+0xc5/0x170<br /> dump_stack+0x18/0x30<br /> register_lock_class+0x740/0x7c0<br /> __lock_acquire+0x69/0x13a0<br /> lock_acquire+0x120/0x450<br /> _raw_spin_trylock+0x98/0xd0<br /> ___ratelimit+0xf6/0x220<br /> __ext4_msg+0x7f/0x160 [ext4]<br /> ext4_orphan_cleanup+0x665/0x740 [ext4]<br /> __ext4_fill_super+0x21ea/0x2b10 [ext4]<br /> ext4_fill_super+0x14d/0x360 [ext4]<br /> [...]<br /> =========================================================<br /> <br /> Normally interval is 0 until s_msg_ratelimit_state is initialized, so<br /> ___ratelimit() does nothing. But registering sysfs precedes initializing<br /> rs-&gt;lock, so it is possible to change rs-&gt;interval to a non-zero value<br /> via the msg_ratelimit_interval_ms interface of sysfs while rs-&gt;lock is<br /> uninitialized, and then a call to ext4_msg triggers the problem by<br /> accessing an uninitialized rs-&gt;lock. Therefore register sysfs after all<br /> initializations are complete to avoid such problems.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2024-40999
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: ena: Add validation for completion descriptors consistency<br /> <br /> Validate that `first` flag is set only for the first<br /> descriptor in multi-buffer packets.<br /> In case of an invalid descriptor, a reset will occur.<br /> A new reset reason for RX data corruption has been added.
Severity CVSS v4.0: Pending analysis
Last modification:
07/10/2025

CVE-2024-41000
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> block/ioctl: prefer different overflow check<br /> <br /> Running syzkaller with the newly reintroduced signed integer overflow<br /> sanitizer shows this report:<br /> <br /> [ 62.982337] ------------[ cut here ]------------<br /> [ 62.985692] cgroup: Invalid name<br /> [ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46<br /> [ 62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1<br /> [ 62.992992] 9223372036854775807 + 4095 cannot be represented in type &amp;#39;long long&amp;#39;<br /> [ 62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1<br /> [ 62.999369] random: crng reseeded on system resumption<br /> [ 63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000)<br /> [ 63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1<br /> [ 63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014<br /> [ 63.000682] Call Trace:<br /> [ 63.000686] <br /> [ 63.000731] dump_stack_lvl+0x93/0xd0<br /> [ 63.000919] __get_user_pages+0x903/0xd30<br /> [ 63.001030] __gup_longterm_locked+0x153e/0x1ba0<br /> [ 63.001041] ? _raw_read_unlock_irqrestore+0x17/0x50<br /> [ 63.001072] ? try_get_folio+0x29c/0x2d0<br /> [ 63.001083] internal_get_user_pages_fast+0x1119/0x1530<br /> [ 63.001109] iov_iter_extract_pages+0x23b/0x580<br /> [ 63.001206] bio_iov_iter_get_pages+0x4de/0x1220<br /> [ 63.001235] iomap_dio_bio_iter+0x9b6/0x1410<br /> [ 63.001297] __iomap_dio_rw+0xab4/0x1810<br /> [ 63.001316] iomap_dio_rw+0x45/0xa0<br /> [ 63.001328] ext4_file_write_iter+0xdde/0x1390<br /> [ 63.001372] vfs_write+0x599/0xbd0<br /> [ 63.001394] ksys_write+0xc8/0x190<br /> [ 63.001403] do_syscall_64+0xd4/0x1b0<br /> [ 63.001421] ? arch_exit_to_user_mode_prepare+0x3a/0x60<br /> [ 63.001479] entry_SYSCALL_64_after_hwframe+0x6f/0x77<br /> [ 63.001535] RIP: 0033:0x7f7fd3ebf539<br /> [ 63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48<br /> [ 63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001<br /> [ 63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539<br /> [ 63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004<br /> [ 63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000<br /> [ 63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000<br /> [ 63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8<br /> ...<br /> [ 63.018142] ---[ end trace ]---<br /> <br /> Historically, the signed integer overflow sanitizer did not work in the<br /> kernel due to its interaction with `-fwrapv` but this has since been<br /> changed [1] in the newest version of Clang; It was re-enabled in the<br /> kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow<br /> sanitizer").<br /> <br /> Let&amp;#39;s rework this overflow checking logic to not actually perform an<br /> overflow during the check itself, thus avoiding the UBSAN splat.<br /> <br /> [1]: https://github.com/llvm/llvm-project/pull/82432
Severity CVSS v4.0: Pending analysis
Last modification:
14/01/2026

CVE-2024-40987
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix UBSAN warning in kv_dpm.c<br /> <br /> Adds bounds check for sumo_vid_mapping_entry.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-40988
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/radeon: fix UBSAN warning in kv_dpm.c<br /> <br /> Adds bounds check for sumo_vid_mapping_entry.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-40989
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: arm64: Disassociate vcpus from redistributor region on teardown<br /> <br /> When tearing down a redistributor region, make sure we don&amp;#39;t have<br /> any dangling pointer to that region stored in a vcpu.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-40990
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/mlx5: Add check for srq max_sge attribute<br /> <br /> max_sge attribute is passed by the user, and is inserted and used<br /> unchecked, so verify that the value doesn&amp;#39;t exceed maximum allowed value<br /> before using it.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-40993
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: ipset: Fix suspicious rcu_dereference_protected()<br /> <br /> When destroying all sets, we are either in pernet exit phase or<br /> are executing a "destroy all sets command" from userspace. The latter<br /> was taken into account in ip_set_dereference() (nfnetlink mutex is held),<br /> but the former was not. The patch adds the required check to<br /> rcu_dereference_protected() in ip_set_dereference().
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-40994
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ptp: fix integer overflow in max_vclocks_store<br /> <br /> On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc()<br /> to do the allocation to prevent this.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-40995
Publication date:
12/07/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()<br /> <br /> syzbot found hanging tasks waiting on rtnl_lock [1]<br /> <br /> A reproducer is available in the syzbot bug.<br /> <br /> When a request to add multiple actions with the same index is sent, the<br /> second request will block forever on the first request. This holds<br /> rtnl_lock, and causes tasks to hang.<br /> <br /> Return -EAGAIN to prevent infinite looping, while keeping documented<br /> behavior.<br /> <br /> [1]<br /> <br /> INFO: task kworker/1:0:5088 blocked for more than 143 seconds.<br /> Not tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0<br /> "echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs" disables this message.<br /> task:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000<br /> Workqueue: events_power_efficient reg_check_chans_work<br /> Call Trace:<br /> <br /> context_switch kernel/sched/core.c:5409 [inline]<br /> __schedule+0xf15/0x5d00 kernel/sched/core.c:6746<br /> __schedule_loop kernel/sched/core.c:6823 [inline]<br /> schedule+0xe7/0x350 kernel/sched/core.c:6838<br /> schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895<br /> __mutex_lock_common kernel/locking/mutex.c:684 [inline]<br /> __mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752<br /> wiphy_lock include/net/cfg80211.h:5953 [inline]<br /> reg_leave_invalid_chans net/wireless/reg.c:2466 [inline]<br /> reg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025
Subscribe to Vulnerabilities