Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-43389
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm: memfd_luo: always dirty all folios<br /> <br /> A dirty folio is one which has been written to. A clean folio is its<br /> opposite. Since a clean folio has no user data, it can be freed under<br /> memory pressure.<br /> <br /> memfd preservation with LUO saves the flag at preserve(). This is<br /> problematic. The folio might get dirtied later. Saving it at freeze()<br /> also doesn&amp;#39;t work, since the dirty bit from PTE is normally synced at<br /> unmap and there might still be mappings of the file at freeze().<br /> <br /> To see why this is a problem, say a folio is clean at preserve, but gets<br /> dirtied later. The serialized state of the folio will mark it as clean. <br /> After retrieve, the next kernel will see the folio as clean and might try<br /> to reclaim it under memory pressure. This will result in losing user<br /> data.<br /> <br /> Mark all folios of the file as dirty, and always set the<br /> MEMFD_LUO_FOLIO_DIRTY flag. This comes with the side effect of making all<br /> clean folios un-reclaimable. This is a cost that has to be paid for<br /> participants of live update. It is not expected to be a common use case<br /> to preserve a lot of clean folios anyway.<br /> <br /> Since the value of pfolio-&gt;flags is a constant now, drop the flags<br /> variable and set it directly.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2026-43390
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nstree: tighten permission checks for listing<br /> <br /> Even privileged services should not necessarily be able to see other<br /> privileged service&amp;#39;s namespaces so they can&amp;#39;t leak information to each<br /> other. Use may_see_all_namespaces() helper that centralizes this policy<br /> until the nstree adapts.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2026-43391
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nsfs: tighten permission checks for handle opening<br /> <br /> Even privileged services should not necessarily be able to see other<br /> privileged service&amp;#39;s namespaces so they can&amp;#39;t leak information to each<br /> other. Use may_see_all_namespaces() helper that centralizes this policy<br /> until the nstree adapts.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2026-43392
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> sched_ext: Fix starvation of scx_enable() under fair-class saturation<br /> <br /> During scx_enable(), the READY -&gt; ENABLED task switching loop changes the<br /> calling thread&amp;#39;s sched_class from fair to ext. Since fair has higher<br /> priority than ext, saturating fair-class workloads can indefinitely starve<br /> the enable thread, hanging the system. This was introduced when the enable<br /> path switched from preempt_disable() to scx_bypass() which doesn&amp;#39;t protect<br /> against fair-class starvation. Note that the original preempt_disable()<br /> protection wasn&amp;#39;t complete either - in partial switch modes, the calling<br /> thread could still be starved after preempt_enable() as it may have been<br /> switched to ext class.<br /> <br /> Fix it by offloading the enable body to a dedicated system-wide RT<br /> (SCHED_FIFO) kthread which cannot be starved by either fair or ext class<br /> tasks. scx_enable() lazily creates the kthread on first use and passes the<br /> ops pointer through a struct scx_enable_cmd containing the kthread_work,<br /> then synchronously waits for completion.<br /> <br /> The workfn runs on a different kthread from sch-&gt;helper (which runs<br /> disable_work), so it can safely flush disable_work on the error path<br /> without deadlock.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2026-43393
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies()<br /> <br /> Fix a chunk map leak in btrfs_map_block(): if we return early with -EINVAL,<br /> we&amp;#39;re not freeing the chunk map that we&amp;#39;ve just looked up.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2026-43394
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit().<br /> <br /> nfsd_nl_listener_set_doit() uses get_current_cred() without<br /> put_cred().<br /> <br /> As we can see from other callers, svc_xprt_create_from_sa()<br /> does not require the extra refcount.<br /> <br /> nfsd_nl_listener_set_doit() is always in the process context,<br /> sendmsg(), and current-&gt;cred does not go away.<br /> <br /> Let&amp;#39;s use current_cred() in nfsd_nl_listener_set_doit().
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2026-43395
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/xe/sync: Cleanup partially initialized sync on parse failure<br /> <br /> xe_sync_entry_parse() can allocate references (syncobj, fence, chain fence,<br /> or user fence) before hitting a later failure path. Several of those paths<br /> returned directly, leaving partially initialized state and leaking refs.<br /> <br /> Route these error paths through a common free_sync label and call<br /> xe_sync_entry_cleanup(sync) before returning the error.<br /> <br /> (cherry picked from commit f939bdd9207a5d1fc55cced5459858480686ce22)
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2026-43379
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()<br /> <br /> opinfo pointer obtained via rcu_dereference(fp-&gt;f_opinfo) is being<br /> accessed after rcu_read_unlock() has been called. This creates a<br /> race condition where the memory could be freed by a concurrent<br /> writer between the unlock and the subsequent pointer dereferences<br /> (opinfo-&gt;is_lease, etc.), leading to a use-after-free.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2026-43380
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read<br /> <br /> The q54sj108a2_debugfs_read function suffers from a stack buffer overflow<br /> due to incorrect arguments passed to bin2hex(). The function currently<br /> passes &amp;#39;data&amp;#39; as the destination and &amp;#39;data_char&amp;#39; as the source.<br /> <br /> Because bin2hex() converts each input byte into two hex characters, a<br /> 32-byte block read results in 64 bytes of output. Since &amp;#39;data&amp;#39; is only<br /> 34 bytes (I2C_SMBUS_BLOCK_MAX + 2), this writes 30 bytes past the end<br /> of the buffer onto the stack.<br /> <br /> Additionally, the arguments were swapped: it was reading from the<br /> zero-initialized &amp;#39;data_char&amp;#39; and writing to &amp;#39;data&amp;#39;, resulting in<br /> all-zero output regardless of the actual I2C read.<br /> <br /> Fix this by:<br /> 1. Expanding &amp;#39;data_char&amp;#39; to 66 bytes to safely hold the hex output.<br /> 2. Correcting the bin2hex() argument order and using the actual read count.<br /> 3. Using a pointer to select the correct output buffer for the final<br /> simple_read_from_buffer call.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2026-43381
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nouveau/dpcd: return EBUSY for aux xfer if the device is asleep<br /> <br /> If we have runtime suspended, and userspace wants to use /dev/drm_dp_*<br /> then just tell it the device is busy instead of crashing in the GSP<br /> code.<br /> <br /> WARNING: CPU: 2 PID: 565741 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c:164 r535_gsp_msgq_wait+0x9a/0xb0 [nouveau]<br /> CPU: 2 UID: 0 PID: 565741 Comm: fwupd Not tainted 6.18.10-200.fc43.x86_64 #1 PREEMPT(lazy)<br /> Hardware name: LENOVO 20QTS0PQ00/20QTS0PQ00, BIOS N2OET65W (1.52 ) 08/05/2024<br /> RIP: 0010:r535_gsp_msgq_wait+0x9a/0xb0 [nouveau]<br /> <br /> This is a simple fix to get backported. We should probably engineer a<br /> proper power domain solution to wake up devices and keep them awake<br /> while fw updates are happening.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2026-43382
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> batman-adv: Avoid double-rtnl_lock ELP metric worker<br /> <br /> batadv_v_elp_get_throughput() might be called when the RTNL lock is already<br /> held. This could be problematic when the work queue item is cancelled via<br /> cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case,<br /> an rtnl_lock() would cause a deadlock.<br /> <br /> To avoid this, rtnl_trylock() was used in this function to skip the<br /> retrieval of the ethtool information in case the RTNL lock was already<br /> held.<br /> <br /> But for cfg80211 interfaces, batadv_get_real_netdev() was called - which<br /> also uses rtnl_lock(). The approach for __ethtool_get_link_ksettings() must<br /> also be used instead and the lockless version __batadv_get_real_netdev()<br /> has to be called.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2026-43383
Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/tcp-md5: Fix MAC comparison to be constant-time<br /> <br /> To prevent timing attacks, MACs need to be compared in constant<br /> time. Use the appropriate helper function for this.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026
Subscribe to Vulnerabilities