Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-27063

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> leds: trigger: netdev: Fix kernel panic on interface rename trig notify<br /> <br /> Commit d5e01266e7f5 ("leds: trigger: netdev: add additional specific link<br /> speed mode") in the various changes, reworked the way to set the LINKUP<br /> mode in commit cee4bd16c319 ("leds: trigger: netdev: Recheck<br /> NETDEV_LED_MODE_LINKUP on dev rename") and moved it to a generic function.<br /> <br /> This changed the logic where, in the previous implementation the dev<br /> from the trigger event was used to check if the carrier was ok, but in<br /> the new implementation with the generic function, the dev in<br /> trigger_data is used instead.<br /> <br /> This is problematic and cause a possible kernel panic due to the fact<br /> that the dev in the trigger_data still reference the old one as the<br /> new one (passed from the trigger event) still has to be hold and saved<br /> in the trigger_data struct (done in the NETDEV_REGISTER case).<br /> <br /> On calling of get_device_state(), an invalid net_dev is used and this<br /> cause a kernel panic.<br /> <br /> To handle this correctly, move the call to get_device_state() after the<br /> new net_dev is correctly set in trigger_data (in the NETDEV_REGISTER<br /> case) and correctly parse the new dev.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-27064

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nf_tables: Fix a memory leak in nf_tables_updchain<br /> <br /> If nft_netdev_register_hooks() fails, the memory associated with<br /> nft_stats is not freed, causing a memory leak.<br /> <br /> This patch fixes it by moving nft_stats_alloc() down after<br /> nft_netdev_register_hooks() succeeds.
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2024

CVE-2024-27066

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> virtio: packed: fix unmap leak for indirect desc table<br /> <br /> When use_dma_api and premapped are true, then the do_unmap is false.<br /> <br /> Because the do_unmap is false, vring_unmap_extra_packed is not called by<br /> detach_buf_packed.<br /> <br /> if (unlikely(vq-&gt;do_unmap)) {<br /> curr = id;<br /> for (i = 0; i num; i++) {<br /> vring_unmap_extra_packed(vq,<br /> &amp;vq-&gt;packed.desc_extra[curr]);<br /> curr = vq-&gt;packed.desc_extra[curr].next;<br /> }<br /> }<br /> <br /> So the indirect desc table is not unmapped. This causes the unmap leak.<br /> <br /> So here, we check vq-&gt;use_dma_api instead. Synchronously, dma info is<br /> updated based on use_dma_api judgment<br /> <br /> This bug does not occur, because no driver use the premapped with<br /> indirect.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-27067

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xen/evtchn: avoid WARN() when unbinding an event channel<br /> <br /> When unbinding a user event channel, the related handler might be<br /> called a last time in case the kernel was built with<br /> CONFIG_DEBUG_SHIRQ. This might cause a WARN() in the handler.<br /> <br /> Avoid that by adding an "unbinding" flag to struct user_event which<br /> will short circuit the handler.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-27068

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path<br /> <br /> If devm_krealloc() fails, then &amp;#39;efuse&amp;#39; is leaking.<br /> So free it to avoid a leak.
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2024

CVE-2024-27069

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ovl: relax WARN_ON in ovl_verify_area()<br /> <br /> syzbot hit an assertion in copy up data loop which looks like it is<br /> the result of a lower file whose size is being changed underneath<br /> overlayfs.<br /> <br /> This type of use case is documented to cause undefined behavior, so<br /> returning EIO error for the copy up makes sense, but it should not be<br /> causing a WARN_ON assertion.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-27056

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: iwlwifi: mvm: ensure offloading TID queue exists<br /> <br /> The resume code path assumes that the TX queue for the offloading TID<br /> has been configured. At resume time it then tries to sync the write<br /> pointer as it may have been updated by the firmware.<br /> <br /> In the unusual event that no packets have been send on TID 0, the queue<br /> will not have been allocated and this causes a crash. Fix this by<br /> ensuring the queue exist at suspend time.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-27065

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nf_tables: do not compare internal table flags on updates<br /> <br /> Restore skipping transaction if table update does not modify flags.
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2025

CVE-2024-27028

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: spi-mt65xx: Fix NULL pointer access in interrupt handler<br /> <br /> The TX buffer in spi_transfer can be a NULL pointer, so the interrupt<br /> handler may end up writing to the invalid memory and cause crashes.<br /> <br /> Add a check to trans-&gt;tx_buf before using it.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2024-27029

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix mmhub client id out-of-bounds access<br /> <br /> Properly handle cid 0x140.
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2024

CVE-2024-27030

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> octeontx2-af: Use separate handlers for interrupts<br /> <br /> For PF to AF interrupt vector and VF to AF vector same<br /> interrupt handler is registered which is causing race condition.<br /> When two interrupts are raised to two CPUs at same time<br /> then two cores serve same event corrupting the data.
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2024

CVE-2024-27031

Publication date:
01/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt<br /> <br /> The loop inside nfs_netfs_issue_read() currently does not disable<br /> interrupts while iterating through pages in the xarray to submit<br /> for NFS read. This is not safe though since after taking xa_lock,<br /> another page in the mapping could be processed for writeback inside<br /> an interrupt, and deadlock can occur. The fix is simple and clean<br /> if we use xa_for_each_range(), which handles the iteration with RCU<br /> while reducing code complexity.<br /> <br /> The problem is easily reproduced with the following test:<br /> mount -o vers=3,fsc 127.0.0.1:/export /mnt/nfs<br /> dd if=/dev/zero of=/mnt/nfs/file1.bin bs=4096 count=1<br /> echo 3 &gt; /proc/sys/vm/drop_caches<br /> dd if=/mnt/nfs/file1.bin of=/dev/null<br /> umount /mnt/nfs<br /> <br /> On the console with a lockdep-enabled kernel a message similar to<br /> the following will be seen:<br /> <br /> ================================<br /> WARNING: inconsistent lock state<br /> 6.7.0-lockdbg+ #10 Not tainted<br /> --------------------------------<br /> inconsistent {IN-SOFTIRQ-W} -&gt; {SOFTIRQ-ON-W} usage.<br /> test5/1708 [HC0[0]:SC0[0]:HE1:SE1] takes:<br /> ffff888127baa598 (&amp;xa-&gt;xa_lock#4){+.?.}-{3:3}, at:<br /> nfs_netfs_issue_read+0x1b2/0x4b0 [nfs]<br /> {IN-SOFTIRQ-W} state was registered at:<br /> lock_acquire+0x144/0x380<br /> _raw_spin_lock_irqsave+0x4e/0xa0<br /> __folio_end_writeback+0x17e/0x5c0<br /> folio_end_writeback+0x93/0x1b0<br /> iomap_finish_ioend+0xeb/0x6a0<br /> blk_update_request+0x204/0x7f0<br /> blk_mq_end_request+0x30/0x1c0<br /> blk_complete_reqs+0x7e/0xa0<br /> __do_softirq+0x113/0x544<br /> __irq_exit_rcu+0xfe/0x120<br /> irq_exit_rcu+0xe/0x20<br /> sysvec_call_function_single+0x6f/0x90<br /> asm_sysvec_call_function_single+0x1a/0x20<br /> pv_native_safe_halt+0xf/0x20<br /> default_idle+0x9/0x20<br /> default_idle_call+0x67/0xa0<br /> do_idle+0x2b5/0x300<br /> cpu_startup_entry+0x34/0x40<br /> start_secondary+0x19d/0x1c0<br /> secondary_startup_64_no_verify+0x18f/0x19b<br /> irq event stamp: 176891<br /> hardirqs last enabled at (176891): []<br /> _raw_spin_unlock_irqrestore+0x44/0x60<br /> hardirqs last disabled at (176890): []<br /> _raw_spin_lock_irqsave+0x79/0xa0<br /> softirqs last enabled at (176646): []<br /> __irq_exit_rcu+0xfe/0x120<br /> softirqs last disabled at (176633): []<br /> __irq_exit_rcu+0xfe/0x120<br /> <br /> other info that might help us debug this:<br /> Possible unsafe locking scenario:<br /> <br /> CPU0<br /> ----<br /> lock(&amp;xa-&gt;xa_lock#4);<br /> <br /> lock(&amp;xa-&gt;xa_lock#4);<br /> <br /> *** DEADLOCK ***<br /> <br /> 2 locks held by test5/1708:<br /> #0: ffff888127baa498 (&amp;sb-&gt;s_type-&gt;i_mutex_key#22){++++}-{4:4}, at:<br /> nfs_start_io_read+0x28/0x90 [nfs]<br /> #1: ffff888127baa650 (mapping.invalidate_lock#3){.+.+}-{4:4}, at:<br /> page_cache_ra_unbounded+0xa4/0x280<br /> <br /> stack backtrace:<br /> CPU: 6 PID: 1708 Comm: test5 Kdump: loaded Not tainted 6.7.0-lockdbg+<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39<br /> 04/01/2014<br /> Call Trace:<br /> dump_stack_lvl+0x5b/0x90<br /> mark_lock+0xb3f/0xd20<br /> __lock_acquire+0x77b/0x3360<br /> _raw_spin_lock+0x34/0x80<br /> nfs_netfs_issue_read+0x1b2/0x4b0 [nfs]<br /> netfs_begin_read+0x77f/0x980 [netfs]<br /> nfs_netfs_readahead+0x45/0x60 [nfs]<br /> nfs_readahead+0x323/0x5a0 [nfs]<br /> read_pages+0xf3/0x5c0<br /> page_cache_ra_unbounded+0x1c8/0x280<br /> filemap_get_pages+0x38c/0xae0<br /> filemap_read+0x206/0x5e0<br /> nfs_file_read+0xb7/0x140 [nfs]<br /> vfs_read+0x2a9/0x460<br /> ksys_read+0xb7/0x140
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2024