Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-50530
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()<br /> <br /> Our syzkaller report a null pointer dereference, root cause is<br /> following:<br /> <br /> __blk_mq_alloc_map_and_rqs<br /> set-&gt;tags[hctx_idx] = blk_mq_alloc_map_and_rqs<br /> blk_mq_alloc_map_and_rqs<br /> blk_mq_alloc_rqs<br /> // failed due to oom<br /> alloc_pages_node<br /> // set-&gt;tags[hctx_idx] is still NULL<br /> blk_mq_free_rqs<br /> drv_tags = set-&gt;tags[hctx_idx];<br /> // null pointer dereference is triggered<br /> blk_mq_clear_rq_mapping(drv_tags, ...)<br /> <br /> This is because commit 63064be150e4 ("blk-mq:<br /> Add blk_mq_alloc_map_and_rqs()") merged the two steps:<br /> <br /> 1) set-&gt;tags[hctx_idx] = blk_mq_alloc_rq_map()<br /> 2) blk_mq_alloc_rqs(..., set-&gt;tags[hctx_idx])<br /> <br /> into one step:<br /> <br /> set-&gt;tags[hctx_idx] = blk_mq_alloc_map_and_rqs()<br /> <br /> Since tags is not initialized yet in this case, fix the problem by<br /> checking if tags is NULL pointer in blk_mq_clear_rq_mapping().
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2026

CVE-2022-50535
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Fix potential null-deref in dm_resume<br /> <br /> [Why]<br /> Fixing smatch error:<br /> dm_resume() error: we previously assumed &amp;#39;aconnector-&gt;dc_link&amp;#39; could be null<br /> <br /> [How]<br /> Check if dc_link null at the beginning of the loop,<br /> so further checks can be dropped.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2026

CVE-2022-50528
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdkfd: Fix memory leakage<br /> <br /> This patch fixes potential memory leakage and seg fault<br /> in _gpuvm_import_dmabuf() function
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50527
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: Fix size validation for non-exclusive domains (v4)<br /> <br /> Fix amdgpu_bo_validate_size() to check whether the TTM domain manager for the<br /> requested memory exists, else we get a kernel oops when dereferencing "man".<br /> <br /> v2: Make the patch standalone, i.e. not dependent on local patches.<br /> v3: Preserve old behaviour and just check that the manager pointer is not<br /> NULL.<br /> v4: Complain if GTT domain requested and it is uninitialized--most likely a<br /> bug.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50526
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/msm/dp: fix memory corruption with too many bridges<br /> <br /> Add the missing sanity check on the bridge counter to avoid corrupting<br /> data beyond the fixed-sized bridge array in case there are ever more<br /> than eight bridges.<br /> <br /> Patchwork: https://patchwork.freedesktop.org/patch/502664/
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50525
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()<br /> <br /> The fsl_pamu_probe() returns directly when create_csd() failed, leaving<br /> irq and memories unreleased.<br /> Fix by jumping to error if create_csd() returns error.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50524
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/mediatek: Check return value after calling platform_get_resource()<br /> <br /> platform_get_resource() may return NULL pointer, we need check its<br /> return value to avoid null-ptr-deref in resource_size().
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50523
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> clk: rockchip: Fix memory leak in rockchip_clk_register_pll()<br /> <br /> If clk_register() fails, @pll-&gt;rate_table may have allocated memory by<br /> kmemdup(), so it needs to be freed, otherwise will cause memory leak<br /> issue, this patch fixes it.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50522
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mcb: mcb-parse: fix error handing in chameleon_parse_gdd()<br /> <br /> If mcb_device_register() returns error in chameleon_parse_gdd(), the refcount<br /> of bus and device name are leaked. Fix this by calling put_device() to give up<br /> the reference, so they can be released in mcb_release_dev() and kobject_cleanup().
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50529
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> test_firmware: fix memory leak in test_firmware_init()<br /> <br /> When misc_register() failed in test_firmware_init(), the memory pointed<br /> by test_fw_config-&gt;name is not released. The memory leak information is<br /> as follows:<br /> unreferenced object 0xffff88810a34cb00 (size 32):<br /> comm "insmod", pid 7952, jiffies 4294948236 (age 49.060s)<br /> hex dump (first 32 bytes):<br /> 74 65 73 74 2d 66 69 72 6d 77 61 72 65 2e 62 69 test-firmware.bi<br /> 6e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 n...............<br /> backtrace:<br /> [] __kmalloc_node_track_caller+0x4b/0xc0<br /> [] kstrndup+0x46/0xc0<br /> [] __test_firmware_config_init+0x29/0x380 [test_firmware]<br /> [] 0xffffffffa040f068<br /> [] do_one_initcall+0x141/0x780<br /> [] do_init_module+0x1c3/0x630<br /> [] load_module+0x623e/0x76a0<br /> [] __do_sys_finit_module+0x181/0x240<br /> [] do_syscall_64+0x39/0xb0<br /> [] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2026

CVE-2022-50521
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()<br /> <br /> The ACPI buffer memory (out.pointer) returned by wmi_evaluate_method()<br /> is not freed after the call, so it leads to memory leak.<br /> <br /> The method results in ACPI buffer is not used, so just pass NULL to<br /> wmi_evaluate_method() which fixes the memory leak.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50520
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()<br /> <br /> As comment of pci_get_class() says, it returns a pci_device with its<br /> refcount increased and decreased the refcount for the input parameter<br /> @from if it is not NULL.<br /> <br /> If we break the loop in radeon_atrm_get_bios() with &amp;#39;pdev&amp;#39; not NULL, we<br /> need to call pci_dev_put() to decrease the refcount. Add the missing<br /> pci_dev_put() to avoid refcount leak.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026
Subscribe to Vulnerabilities