Vulnerabilities

To inform, warn and help professionals with regard to the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-49917

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw

This commit addresses a potential null pointer dereference issue in the
`dcn30_init_hw` function. The issue could occur when `dc->clk_mgr` or
`dc->clk_mgr->funcs` is null.

The fix adds a check to ensure `dc->clk_mgr` and `dc->clk_mgr->funcs` is
not null before accessing its functions. This prevents a potential null
pointer dereference.

Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed 'dc->clk_mgr' could be null (see line 628)
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49905

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2)

This commit adds a null check for the 'afb' variable in the
amdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was
assumed to be null, but was used later in the code without a null check.
This could potentially lead to a null pointer dereference.

Changes since v1:
- Moved the null check for 'afb' to the line where 'afb' is used. (Alex)

Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49907

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check null pointers before using dc->clk_mgr

[WHY & HOW]
dc->clk_mgr is null checked previously in the same function, indicating
it might be null.

Passing "dc" to "dc->hwss.apply_idle_power_optimizations", which
dereferences null "dc->clk_mgr". (The function pointer resolves to
"dcn35_apply_idle_power_optimizations".)

This fixes 1 FORWARD_NULL issue reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49912

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'

This commit adds a null check for 'stream_status' in the function
'planes_changed_for_existing_stream'. Previously, the code assumed
'stream_status' could be null, but did not handle the case where it was
actually null. This could lead to a null pointer dereference.

Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:3784 planes_changed_for_existing_stream() error: we previously assumed 'stream_status' could be null (see line 3774)
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49913

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream

This commit addresses a null pointer dereference issue in the
`commit_planes_for_stream` function at line 4140. The issue could occur
when `top_pipe_to_program` is null.

The fix adds a check to ensure `top_pipe_to_program` is not null before
accessing its stream_res. This prevents a null pointer dereference.

Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed 'top_pipe_to_program' could be null (see line 3906)
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49901

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs

There are some cases, such as the one uncovered by Commit 46d4efcccc68
("drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails")
where

msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL);

is called on gpu->pdev == NULL, as the GPU device has not been fully
initialized yet.

Turns out that there's more than just the aforementioned path that
causes this to happen (e.g. the case when there's speedbin data in the
catalog, but opp-supported-hw is missing in DT).

Assigning msm_gpu->pdev earlier seems like the least painful solution
to this, therefore do so.

Patchwork: https://patchwork.freedesktop.org/patch/602742/
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2024

CVE-2024-49904

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: add list empty check to avoid null pointer issue

Add list empty check to avoid null pointer issues in some corner cases.
- list_for_each_entry_safe()
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2024

CVE-2024-49897

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check phantom_stream before it is used

dcn32_enable_phantom_stream can return null, so returned value
must be checked before used.

This fixes 1 NULL_RETURNS issue reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49898

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check null-initialized variables

[WHAT & HOW]
drr_timing and subvp_pipe are initialized to null and they are not
always assigned new values. It is necessary to check for null before
dereferencing.

This fixes 2 FORWARD_NULL issues reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49899

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Initialize denominators' default to 1

[WHAT & HOW]
Variables used as denominators and maybe not assigned to other values,
should not be 0. Change their default to 1 so they are never 0.

This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49896

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check stream before comparing them

[WHAT & HOW]
amdgpu_dm can pass a null stream to dc_is_stream_unchanged. It is
necessary to check for null before dereferencing them.

This fixes 1 FORWARD_NULL issue reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49900

Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:

jfs: Fix uninit-value access of new_ea in ea_buffer

syzbot reports that lzo1x_1_do_compress is using uninit-value:

=====================================================
BUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178

...

Uninit was stored to memory at:
ea_put fs/jfs/xattr.c:639 [inline]

...

Local variable ea_buf created at:
__jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662
__jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934

=====================================================

The reason is ea_buf->new_ea is not initialized properly.

Fix this by using memset to empty its content at the beginning
in ea_get().
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026