Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-49905
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add null check for &amp;#39;afb&amp;#39; in amdgpu_dm_plane_handle_cursor_update (v2)<br /> <br /> This commit adds a null check for the &amp;#39;afb&amp;#39; variable in the<br /> amdgpu_dm_plane_handle_cursor_update function. Previously, &amp;#39;afb&amp;#39; was<br /> assumed to be null, but was used later in the code without a null check.<br /> This could potentially lead to a null pointer dereference.<br /> <br /> Changes since v1:<br /> - Moved the null check for &amp;#39;afb&amp;#39; to the line where &amp;#39;afb&amp;#39; is used. (Alex)<br /> <br /> Fixes the below:<br /> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed &amp;#39;afb&amp;#39; could be null (see line 1252)
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49906
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Check null pointer before try to access it<br /> <br /> [why &amp; how]<br /> Change the order of the pipe_ctx-&gt;plane_state check to ensure that<br /> plane_state is not null before accessing it.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2024-49907
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Check null pointers before using dc-&gt;clk_mgr<br /> <br /> [WHY &amp; HOW]<br /> dc-&gt;clk_mgr is null checked previously in the same function, indicating<br /> it might be null.<br /> <br /> Passing "dc" to "dc-&gt;hwss.apply_idle_power_optimizations", which<br /> dereferences null "dc-&gt;clk_mgr". (The function pointer resolves to<br /> "dcn35_apply_idle_power_optimizations".)<br /> <br /> This fixes 1 FORWARD_NULL issue reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49908
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add null check for &amp;#39;afb&amp;#39; in amdgpu_dm_update_cursor (v2)<br /> <br /> This commit adds a null check for the &amp;#39;afb&amp;#39; variable in the<br /> amdgpu_dm_update_cursor function. Previously, &amp;#39;afb&amp;#39; was assumed to be<br /> null at line 8388, but was used later in the code without a null check.<br /> This could potentially lead to a null pointer dereference.<br /> <br /> Changes since v1:<br /> - Moved the null check for &amp;#39;afb&amp;#39; to the line where &amp;#39;afb&amp;#39; is used. (Alex)<br /> <br /> Fixes the below:<br /> drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:8433 amdgpu_dm_update_cursor()<br /> error: we previously assumed &amp;#39;afb&amp;#39; could be null (see line 8388)
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2024

CVE-2024-49909
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func<br /> <br /> This commit adds a null check for the set_output_gamma function pointer<br /> in the dcn32_set_output_transfer_func function. Previously,<br /> set_output_gamma was being checked for null, but then it was being<br /> dereferenced without any null check. This could lead to a null pointer<br /> dereference if set_output_gamma is null.<br /> <br /> To fix this, we now ensure that set_output_gamma is not null before<br /> dereferencing it. We do this by adding a null check for set_output_gamma<br /> before the call to set_output_gamma.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49910
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add NULL check for function pointer in dcn401_set_output_transfer_func<br /> <br /> This commit adds a null check for the set_output_gamma function pointer<br /> in the dcn401_set_output_transfer_func function. Previously,<br /> set_output_gamma was being checked for null, but then it was being<br /> dereferenced without any null check. This could lead to a null pointer<br /> dereference if set_output_gamma is null.<br /> <br /> To fix this, we now ensure that set_output_gamma is not null before<br /> dereferencing it. We do this by adding a null check for set_output_gamma<br /> before the call to set_output_gamma.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2024

CVE-2024-49911
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func<br /> <br /> This commit adds a null check for the set_output_gamma function pointer<br /> in the dcn20_set_output_transfer_func function. Previously,<br /> set_output_gamma was being checked for null at line 1030, but then it<br /> was being dereferenced without any null check at line 1048. This could<br /> potentially lead to a null pointer dereference error if set_output_gamma<br /> is null.<br /> <br /> To fix this, we now ensure that set_output_gamma is not null before<br /> dereferencing it. We do this by adding a null check for set_output_gamma<br /> before the call to set_output_gamma at line 1048.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49912
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Handle null &amp;#39;stream_status&amp;#39; in &amp;#39;planes_changed_for_existing_stream&amp;#39;<br /> <br /> This commit adds a null check for &amp;#39;stream_status&amp;#39; in the function<br /> &amp;#39;planes_changed_for_existing_stream&amp;#39;. Previously, the code assumed<br /> &amp;#39;stream_status&amp;#39; could be null, but did not handle the case where it was<br /> actually null. This could lead to a null pointer dereference.<br /> <br /> Reported by smatch:<br /> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:3784 planes_changed_for_existing_stream() error: we previously assumed &amp;#39;stream_status&amp;#39; could be null (see line 3774)
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49913
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream<br /> <br /> This commit addresses a null pointer dereference issue in the<br /> `commit_planes_for_stream` function at line 4140. The issue could occur<br /> when `top_pipe_to_program` is null.<br /> <br /> The fix adds a check to ensure `top_pipe_to_program` is not null before<br /> accessing its stream_res. This prevents a null pointer dereference.<br /> <br /> Reported by smatch:<br /> drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed &amp;#39;top_pipe_to_program&amp;#39; could be null (see line 3906)
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49914
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add null check for pipe_ctx-&gt;plane_state in dcn20_program_pipe<br /> <br /> This commit addresses a null pointer dereference issue in the<br /> `dcn20_program_pipe` function. The issue could occur when<br /> `pipe_ctx-&gt;plane_state` is null.<br /> <br /> The fix adds a check to ensure `pipe_ctx-&gt;plane_state` is not null<br /> before accessing. This prevents a null pointer dereference.<br /> <br /> Reported by smatch:<br /> drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn20/dcn20_hwseq.c:1925 dcn20_program_pipe() error: we previously assumed &amp;#39;pipe_ctx-&gt;plane_state&amp;#39; could be null (see line 1877)
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024

CVE-2024-49915
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw<br /> <br /> This commit addresses a potential null pointer dereference issue in the<br /> `dcn32_init_hw` function. The issue could occur when `dc-&gt;clk_mgr` is<br /> null.<br /> <br /> The fix adds a check to ensure `dc-&gt;clk_mgr` is not null before<br /> accessing its functions. This prevents a potential null pointer<br /> dereference.<br /> <br /> Reported by smatch:<br /> drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn32/dcn32_hwseq.c:961 dcn32_init_hw() error: we previously assumed &amp;#39;dc-&gt;clk_mgr&amp;#39; could be null (see line 782)
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-49916
Publication date:
21/10/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add NULL check for clk_mgr and clk_mgr-&gt;funcs in dcn401_init_hw<br /> <br /> This commit addresses a potential null pointer dereference issue in the<br /> `dcn401_init_hw` function. The issue could occur when `dc-&gt;clk_mgr` or<br /> `dc-&gt;clk_mgr-&gt;funcs` is null.<br /> <br /> The fix adds a check to ensure `dc-&gt;clk_mgr` and `dc-&gt;clk_mgr-&gt;funcs` is<br /> not null before accessing its functions. This prevents a potential null<br /> pointer dereference.<br /> <br /> Reported by smatch:<br /> drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn401/dcn401_hwseq.c:416 dcn401_init_hw() error: we previously assumed &amp;#39;dc-&gt;clk_mgr&amp;#39; could be null (see line 225)
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2024
Subscribe to Vulnerabilities