Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-47340

Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:

jfs: fix GPF in diFree

Avoid passing inode with JFS_SBI(inode->i_sb)->ipimap == NULL to diFree()[1]. GPF will appear:

struct inode *ipimap = JFS_SBI(ip->i_sb)->ipimap;
struct inomap *imap = JFS_IP(ipimap)->i_imap;

JFS_IP() will return invalid pointer when ipimap == NULL

Call Trace:
diFree+0x13d/0x2dc0 fs/jfs/jfs_imap.c:853 [1]
jfs_evict_inode+0x2c9/0x370 fs/jfs/inode.c:154
evict+0x2ed/0x750 fs/inode.c:578
iput_final fs/inode.c:1654 [inline]
iput.part.0+0x3fe/0x820 fs/inode.c:1680
iput+0x58/0x70 fs/inode.c:1670
Severity CVSS v4.0: Pending analysis
Last modification:
10/12/2025

CVE-2021-47317

Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:

powerpc/bpf: Fix detecting BPF atomic instructions

Commit 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode other atomics in .imm") converted BPF_XADD to BPF_ATOMIC and added a way to distinguish instructions based on the immediate field. Existing JIT implementations were updated to check for the immediate field and to reject programs utilizing anything more than BPF_ADD (such as BPF_FETCH) in the immediate field.

However, the check added to powerpc64 JIT did not look at the correct BPF instruction. Due to this, such programs would be accepted and incorrectly JIT'ed resulting in soft lockups, as seen with the atomic bounds test. Fix this by looking at the correct immediate value.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2021-47318

Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:

arch_topology: Avoid use-after-free for scale_freq_data

Currently topology_scale_freq_tick() (which gets called from scheduler_tick()) may end up using a pointer to "struct scale_freq_data", which was previously cleared by topology_clear_scale_freq_source(), as there is no protection in place here. The users of topology_clear_scale_freq_source() though need a guarantee that the previously cleared scale_freq_data isn't used anymore, so they can free the related resources.

Since topology_scale_freq_tick() is called from scheduler tick, we don't want to add locking in there. Use the RCU update mechanism instead (which is already used by the scheduler's utilization update path) to guarantee race free updates here.

synchronize_rcu() makes sure that all RCU critical sections that started before it is called will finish before it returns. And so the callers of topology_clear_scale_freq_source() don't need to worry about their callback getting called anymore.
Severity CVSS v4.0: Pending analysis
Last modification:
26/12/2024

CVE-2021-47319

Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:

virtio-blk: Fix memory leak among suspend/resume procedure

The vblk->vqs should be freed before we call init_vqs() in virtblk_restore().
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2024

CVE-2021-47320

Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:

nfs: fix acl memory leak of posix_acl_create()

When looking into another nfs xfstests report, I found acl and default_acl in nfs3_proc_create() and nfs3_proc_mknod() error paths are possibly leaked. Fix them in advance.
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2024

CVE-2021-47321

Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:

watchdog: Fix possible use-after-free by calling del_timer_sync()

This driver's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free.

Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and is unable to re-schedule itself.
Severity CVSS v4.0: Pending analysis
Last modification:
26/12/2024

CVE-2021-47322

Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:

NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT

Fix an Oopsable condition in pnfs_mark_request_commit() when we're putting a set of writes on the commit list to reschedule them after a failed pNFS attempt.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2021-47323

Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:

watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()

This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free.

Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and is unable to re-schedule itself.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2021-47324

Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:

watchdog: Fix possible use-after-free in wdt_startup()

This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may still be running after the driver's remove function has finished, which would result in a use-after-free.

Fix by calling del_timer_sync(), which makes sure the timer handler has finished, and is unable to re-schedule itself.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2021-47325

Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:

iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation

The reference counting issue happens in several exception handling paths of arm_smmu_iova_to_phys_hard(). When those error scenarios occur, the function forgets to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak.

Fix this issue by jumping to "out" label when those error scenarios occur.
Severity CVSS v4.0: Pending analysis
Last modification:
13/01/2025

CVE-2021-47326

Publication date:
21/05/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2024

CVE-2021-47327

Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:

iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails

arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the refcount of the "smmu" even though the return value is less than 0.

The reference counting issue happens in some error handling paths of arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get() fails, the caller functions forget to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak.

Fix this issue by calling pm_runtime_resume_and_get() instead of pm_runtime_get_sync() in arm_smmu_rpm_get(), which can keep the refcount balanced in case of failure.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025