Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-38543

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

drm/tegra: nvdec: Fix dma_alloc_coherent error check

Check for NULL return value with dma_alloc_coherent, in line with Robin's fix for vic.c in 'drm/tegra: vic: Fix DMA API misuse'.

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025

CVE-2025-38544

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix bug due to prealloc collision

When userspace is using AF_RXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg() and sendmsg() together. The preallocated call IDs will automatically be attached to calls as they come in until the pool is empty.

To the kernel, the call IDs are just arbitrary numbers, but userspace can use the call ID to hold a pointer to prepared structs. In any case, the user isn't permitted to create two calls with the same call ID (call IDs become available again when the call ends) and EBADSLT should result from sendmsg() if an attempt is made to preallocate a call with an in-use call ID.

However, the cleanup in the error handling will trigger both assertions in rxrpc_cleanup_call() because the call isn't marked complete and isn't marked as having been released.

Fix this by setting the call state in rxrpc_service_prealloc_one() and then marking it as being released before calling the cleanup function.

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025

CVE-2025-38545

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info

While transitioning from netdev_alloc_ip_align() to build_skb(), memory for the "skb_shared_info" member of an "skb" was not allocated. Fix this by allocating "PAGE_SIZE" as the skb length, accounting for the packet length, headroom and tailroom, thereby including the required memory space for skb_shared_info.

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025

CVE-2025-38546

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

atm: clip: Fix memory leak of struct clip_vcc.

ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back.

The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is close()d, and then clip_push() frees clip_vcc.

However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in atm_init_atmarp(), resulting in memory leak.

Let's serialise two ioctl() by lock_sock() and check vcc->push() in atm_init_atmarp() to prevent memleak.

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025

CVE-2025-38547

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps

The AXP717 ADC channel maps is missing a sentinel entry at the end. This causes a KASAN warning.

Add the missing sentinel entry.

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025

CVE-2025-38548

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (corsair-cpro) Validate the size of the received input buffer

Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd().

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025

CVE-2025-38534

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix copy-to-cache so that it performs collection with ceph+fscache

The netfs copy-to-cache that is used by Ceph with local caching sets up a new request to write data just read to the cache. The request is started and then left to look after itself whilst the app continues. The request gets notified by the backing fs upon completion of the async DIO write, but then tries to wake up the app because NETFS_RREQ_OFFLOAD_COLLECTION isn't set - but the app isn't waiting there, and so the request just hangs.

Fix this by setting NETFS_RREQ_OFFLOAD_COLLECTION which causes the notification from the backing filesystem to put the collection onto a work queue instead.

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025

CVE-2025-38535

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode

When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on, regulator_is_enabled() continues to return true, leading to an incorrect attempt to disable a regulator which is not enabled.

This can result in warnings such as:

[ 250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004
_regulator_disable+0xe4/0x1a0
[ 250.155652] unbalanced disables for VIN_SYS_5V0

To fix this, we move the regulator control logic into tegra186_xusb_padctl_id_override() function since it's directly related to the ID override state. The regulator is now only disabled when the role transitions from USB_ROLE_HOST to USB_ROLE_NONE, by checking the VBUS_ID register. This ensures that regulator enable/disable operations are properly balanced and only occur when actually transitioning to/from host mode.

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025

CVE-2025-38536

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

net: airoha: fix potential use-after-free in airoha_npu_get()

np->name was being used after calling of_node_put(np), which releases the node and can lead to a use-after-free bug. Previously, of_node_put(np) was called unconditionally after of_find_device_by_node(np), which could result in a use-after-free if pdev is NULL.

This patch moves of_node_put(np) after the error check to ensure the node is only released after both the error and success cases are handled appropriately, preventing potential resource issues.

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025

CVE-2025-38538

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: nbpfaxi: Fix memory corruption in probe()

The nbpf->chan[] array is allocated earlier in the nbpf_probe() function and it has "num_channels" elements. These three loops iterate one element farther than they should and corrupt memory.

The changes to the second loop are more involved. In this case, we're copying data from the irqbuf[] array into the nbpf->chan[] array. If the data in irqbuf[i] is the error IRQ then we skip it, so the iterators are not in sync. I added a check to ensure that we don't go beyond the end of the irqbuf[] array. I'm pretty sure this can't happen, but it seemed harmless to add a check.

On the other hand, after the loop has ended there is a check to ensure that the "chan" iterator is where we expect it to be. In the original code we went one element beyond the end of the array so the iterator wasn't in the correct place and it would always return -EINVAL. However, now it will always be in the correct place. I deleted the check since we know the result.

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025

CVE-2025-38539

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

tracing: Add down_write(trace_event_sem) when adding trace event

When a module is loaded, it adds trace events defined by the module. It may also need to modify the modules trace printk formats to replace enum names with their values.

If two modules are loaded at the same time, the adding of the event to the ftrace_events list can corrupt the walking of the list in the code that is modifying the printk format strings and crash the kernel.

The addition of the event should take the trace_event_sem for write while it adds the new event.

Also add a lockdep_assert_held() on that semaphore in __trace_add_event_dirs() as it iterates the list.

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025

CVE-2025-38540

Publication date: 16/08/2025

In the Linux kernel, the following vulnerability has been resolved:

HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras

The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor.

Add these 2 devices to the HID ignore list since the sensor interface is non-functional by design and should not be exposed to userspace.

Severity CVSS v4.0: Pending analysis
Last modification: 18/08/2025