Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-47318
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> arch_topology: Avoid use-after-free for scale_freq_data<br /> <br /> Currently topology_scale_freq_tick() (which gets called from<br /> scheduler_tick()) may end up using a pointer to "struct<br /> scale_freq_data", which was previously cleared by<br /> topology_clear_scale_freq_source(), as there is no protection in place<br /> here. The users of topology_clear_scale_freq_source() though needs a<br /> guarantee that the previously cleared scale_freq_data isn&amp;#39;t used<br /> anymore, so they can free the related resources.<br /> <br /> Since topology_scale_freq_tick() is called from scheduler tick, we don&amp;#39;t<br /> want to add locking in there. Use the RCU update mechanism instead<br /> (which is already used by the scheduler&amp;#39;s utilization update path) to<br /> guarantee race free updates here.<br /> <br /> synchronize_rcu() makes sure that all RCU critical sections that started<br /> before it is called, will finish before it returns. And so the callers<br /> of topology_clear_scale_freq_source() don&amp;#39;t need to worry about their<br /> callback getting called anymore.
Severity CVSS v4.0: Pending analysis
Last modification:
26/12/2024

CVE-2021-47319
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> virtio-blk: Fix memory leak among suspend/resume procedure<br /> <br /> The vblk-&gt;vqs should be freed before we call init_vqs()<br /> in virtblk_restore().
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2024

CVE-2021-47320
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nfs: fix acl memory leak of posix_acl_create()<br /> <br /> When looking into another nfs xfstests report, I found acl and<br /> default_acl in nfs3_proc_create() and nfs3_proc_mknod() error<br /> paths are possibly leaked. Fix them in advance.
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2024

CVE-2021-47321
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> watchdog: Fix possible use-after-free by calling del_timer_sync()<br /> <br /> This driver&amp;#39;s remove path calls del_timer(). However, that function<br /> does not wait until the timer handler finishes. This means that the<br /> timer handler may still be running after the driver&amp;#39;s remove function<br /> has finished, which would result in a use-after-free.<br /> <br /> Fix by calling del_timer_sync(), which makes sure the timer handler<br /> has finished, and unable to re-schedule itself.
Severity CVSS v4.0: Pending analysis
Last modification:
26/12/2024

CVE-2021-47322
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT<br /> <br /> Fix an Oopsable condition in pnfs_mark_request_commit() when we&amp;#39;re<br /> putting a set of writes on the commit list to reschedule them after a<br /> failed pNFS attempt.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2021-47323
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()<br /> <br /> This module&amp;#39;s remove path calls del_timer(). However, that function<br /> does not wait until the timer handler finishes. This means that the<br /> timer handler may still be running after the driver&amp;#39;s remove function<br /> has finished, which would result in a use-after-free.<br /> <br /> Fix by calling del_timer_sync(), which makes sure the timer handler<br /> has finished, and unable to re-schedule itself.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2021-47324
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> watchdog: Fix possible use-after-free in wdt_startup()<br /> <br /> This module&amp;#39;s remove path calls del_timer(). However, that function<br /> does not wait until the timer handler finishes. This means that the<br /> timer handler may still be running after the driver&amp;#39;s remove function<br /> has finished, which would result in a use-after-free.<br /> <br /> Fix by calling del_timer_sync(), which makes sure the timer handler<br /> has finished, and unable to re-schedule itself.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2021-47325
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation<br /> <br /> The reference counting issue happens in several exception handling paths<br /> of arm_smmu_iova_to_phys_hard(). When those error scenarios occur, the<br /> function forgets to decrease the refcount of "smmu" increased by<br /> arm_smmu_rpm_get(), causing a refcount leak.<br /> <br /> Fix this issue by jumping to "out" label when those error scenarios<br /> occur.
Severity CVSS v4.0: Pending analysis
Last modification:
13/01/2025

CVE-2021-47326
Publication date:
21/05/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2024

CVE-2021-47327
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails<br /> <br /> arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases the<br /> refcount of the "smmu" even though the return value is less than 0.<br /> <br /> The reference counting issue happens in some error handling paths of<br /> arm_smmu_rpm_get() in its caller functions. When arm_smmu_rpm_get()<br /> fails, the caller functions forget to decrease the refcount of "smmu"<br /> increased by arm_smmu_rpm_get(), causing a refcount leak.<br /> <br /> Fix this issue by calling pm_runtime_resume_and_get() instead of<br /> pm_runtime_get_sync() in arm_smmu_rpm_get(), which can keep the refcount<br /> balanced in case of failure.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2021-47328
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: iscsi: Fix conn use after free during resets<br /> <br /> If we haven&amp;#39;t done a unbind target call we can race where<br /> iscsi_conn_teardown wakes up the EH thread and then frees the conn while<br /> those threads are still accessing the conn ehwait.<br /> <br /> We can only do one TMF per session so this just moves the TMF fields from<br /> the conn to the session. We can then rely on the<br /> iscsi_session_teardown-&gt;iscsi_remove_session-&gt;__iscsi_unbind_session call<br /> to remove the target and it&amp;#39;s devices, and know after that point there is<br /> no device or scsi-ml callout trying to access the session.
Severity CVSS v4.0: Pending analysis
Last modification:
26/12/2024

CVE-2021-47329
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: megaraid_sas: Fix resource leak in case of probe failure<br /> <br /> The driver doesn&amp;#39;t clean up all the allocated resources properly when<br /> scsi_add_host(), megasas_start_aen() function fails during the PCI device<br /> probe.<br /> <br /> Clean up all those resources.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025
Subscribe to Vulnerabilities