Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-27039

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() &#39;p_clk&#39; is an array allocated just before the for loop for all clk that need to be registered. It is incremented at each loop iteration. If a clk_register() call fails, &#39;p_clk&#39; may point to something different from what should be freed. The best we can do, is to avoid this wrong release of memory.

Severity CVSS v4.0: Pending analysis

Last modification:

18/09/2025

CVE-2024-27040

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add &#39;replay&#39; NULL check in &#39;edp_set_replay_allow_active()&#39; In the first if statement, we&#39;re checking if &#39;replay&#39; is NULL. But in the second if statement, we&#39;re not checking if &#39;replay&#39; is NULL again before calling replay->funcs->replay_set_power_opt(). if (replay == NULL && force_static) return false; ... if (link->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst); link->replay_settings.replay_power_opt_active = *power_opts; } If &#39;replay&#39; is NULL, this will cause a null pointer dereference. Fixes the below found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active() error: we previously assumed &#39;replay&#39; could be null (see line 887)

Severity CVSS v4.0: Pending analysis

Last modification:

08/04/2025

CVE-2024-27041

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() Since &#39;adev->dm.dc&#39; in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will not be a possible NULL-ptr-deref there. Also, since commit 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in &#39;adev->dm.dc&#39; before dc_deinit_callbacks() and dc_dmub_srv_destroy(). Clean up by combining them all under one &#39;if&#39;. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE.

Severity CVSS v4.0: Pending analysis

Last modification:

08/04/2025

CVE-2024-27042

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential out-of-bounds access in &#39;amdgpu_discovery_reg_base_init()&#39; The issue arises when the array &#39;adev->vcn.vcn_config&#39; is accessed before checking if the index &#39;adev->vcn.num_vcn_inst&#39; is within the bounds of the array. The fix involves moving the bounds check before the array access. This ensures that &#39;adev->vcn.num_vcn_inst&#39; is within the bounds of the array before it is used as an index. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1289 amdgpu_discovery_reg_base_init() error: testing array offset &#39;adev->vcn.num_vcn_inst&#39; after use.

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2024

CVE-2024-27043

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev&#39;s deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free.

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2024

CVE-2024-27044

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in &#39;dcn10_set_output_transfer_func()&#39; The &#39;stream&#39; pointer is used in dcn10_set_output_transfer_func() before the check if &#39;stream&#39; is NULL. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check &#39;stream&#39; (see line 1875)

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2024

CVE-2024-27045

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in &#39;dp_dsc_clock_en_read()&#39; Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2024

CVE-2024-27046

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, if the physical memory has run out. As a result, if we dereference the acti_netdevs, the null pointer dereference bugs will happen. This patch adds a check to judge whether allocation failure occurs. If it happens, the delayed work will be rescheduled and try again.

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2024

CVE-2024-27047

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty array in the case that the driver is calling phy_get_internal_delay without defining delay_values and rx-internal-delay-ps or tx-internal-delay-ps is defined to 0 in the device-tree. This will lead to "unable to handle kernel NULL pointer dereference at virtual address 0". To avoid this kernel oops, the test should be delay >= 0. As there is already delay

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2024

CVE-2024-27048

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: handle pmk_op allocation failure The kzalloc() in brcmf_pmksa_v3_op() will return null if the physical memory has run out. As a result, if we dereference the null value, the null pointer dereference bug will happen. Return -ENOMEM from brcmf_pmksa_v3_op() if kzalloc() fails for pmk_op.

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2024

CVE-2022-48669

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in papr_get_attr() `buf` is allocated in papr_get_attr(), and krealloc() of `buf` could fail. We need to free the original `buf` in the case of failure.

Severity CVSS v4.0: Pending analysis

Last modification:

08/04/2025

CVE-2023-52649

Publication date:

01/05/2024

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Avoid reading beyond LUT array When the floor LUT index (drm_fixp2int(lut_index) is the last index of the array the ceil LUT index will point to an entry beyond the array. Make sure we guard against it and use the value of the floor LUT index. v3: - Drop bits from commit description that didn&#39;t contribute anything of value

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2024

Subscribe to Vulnerabilities