Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Vulnerabilidades

Con el objetivo de informar, advertir y ayudar a los profesionales sobre las ultimas vulnerabilidades de seguridad en sistemas tecnológicos, ponemos a disposición de los usuarios interesados en esta información una base de datos con información en castellano sobre cada una de las ultimas vulnerabilidades documentadas y conocidas.

Este repositorio con más de 75.000 registros esta basado en la información de NVD (National Vulnerability Database) – en función de un acuerdo de colaboración – por el cual desde INCIBE realizamos la traducción al castellano de la información incluida. En ocasiones este listado mostrará vulnerabilidades que aún no han sido traducidas debido a que se recogen en el transcurso del tiempo en el que el equipo de INCIBE realiza el proceso de traducción.

Se emplea el estándar de nomenclatura de vulnerabilidades CVE (Common Vulnerabilities and Exposures), con el fin de facilitar el intercambio de información entre diferentes bases de datos y herramientas. Cada una de las vulnerabilidades recogidas enlaza a diversas fuentes de información así como a parches disponibles o soluciones aportadas por los fabricantes y desarrolladores. Es posible realizar búsquedas avanzadas teniendo la opción de seleccionar diferentes criterios como el tipo de vulnerabilidad, fabricante, tipo de impacto entre otros, con el fin de acortar los resultados.

Mediante suscripción RSS o Boletines podemos estar informados diariamente de las ultimas vulnerabilidades incorporadas al repositorio.

CVE-2023-53349

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: ov2740: Fix memleak in ov2740_init_controls()<br /> <br /> There is a kmemleak when testing the media/i2c/ov2740.c with bpf mock<br /> device:<br /> <br /> unreferenced object 0xffff8881090e19e0 (size 16):<br /> comm "51-i2c-ov2740", pid 278, jiffies 4294781584 (age 23.613s)<br /> hex dump (first 16 bytes):<br /> 00 f3 7c 0b 81 88 ff ff 80 75 6a 09 81 88 ff ff ..|......uj.....<br /> backtrace:<br /> [] __kmalloc_node+0x44/0x1b0<br /> [] kvmalloc_node+0x34/0x180<br /> [] v4l2_ctrl_handler_init_class+0x11d/0x180<br /> [videodev]<br /> [] ov2740_probe+0x37d/0x84f [ov2740]<br /> [] i2c_device_probe+0x28d/0x680<br /> [] really_probe+0x17c/0x3f0<br /> [] __driver_probe_device+0xe3/0x170<br /> [] device_driver_attach+0x34/0x80<br /> [] bind_store+0x10b/0x1a0<br /> [] drv_attr_store+0x49/0x70<br /> [] sysfs_kf_write+0x8c/0xb0<br /> [] kernfs_fop_write_iter+0x216/0x2e0<br /> [] vfs_write+0x658/0x810<br /> [] ksys_write+0xd6/0x1b0<br /> [] do_syscall_64+0x38/0x90<br /> [] entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> ov2740_init_controls() won&amp;#39;t clean all the allocated resources in fail<br /> path, which may causes the memleaks. Add v4l2_ctrl_handler_free() to<br /> prevent memleak.
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025

CVE-2023-53350

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> accel/qaic: Fix slicing memory leak<br /> <br /> The temporary buffer storing slicing configuration data from user is only<br /> freed on error. This is a memory leak. Free the buffer unconditionally.
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025

CVE-2023-53339

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: fix BUG_ON condition in btrfs_cancel_balance<br /> <br /> Pausing and canceling balance can race to interrupt balance lead to BUG_ON<br /> panic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance<br /> does not take this race scenario into account.<br /> <br /> However, the race condition has no other side effects. We can fix that.<br /> <br /> Reproducing it with panic trace like this:<br /> <br /> kernel BUG at fs/btrfs/volumes.c:4618!<br /> RIP: 0010:btrfs_cancel_balance+0x5cf/0x6a0<br /> Call Trace:<br /> <br /> ? do_nanosleep+0x60/0x120<br /> ? hrtimer_nanosleep+0xb7/0x1a0<br /> ? sched_core_clone_cookie+0x70/0x70<br /> btrfs_ioctl_balance_ctl+0x55/0x70<br /> btrfs_ioctl+0xa46/0xd20<br /> __x64_sys_ioctl+0x7d/0xa0<br /> do_syscall_64+0x38/0x80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> Race scenario as follows:<br /> &gt; mutex_unlock(&amp;fs_info-&gt;balance_mutex);<br /> &gt; --------------------<br /> &gt; .......issue pause and cancel req in another thread<br /> &gt; --------------------<br /> &gt; ret = __btrfs_balance(fs_info);<br /> &gt;<br /> &gt; mutex_lock(&amp;fs_info-&gt;balance_mutex);<br /> &gt; if (ret == -ECANCELED &amp;&amp; atomic_read(&amp;fs_info-&gt;balance_pause_req)) {<br /> &gt; btrfs_info(fs_info, "balance: paused");<br /> &gt; btrfs_exclop_balance(fs_info, BTRFS_EXCLOP_BALANCE_PAUSED);<br /> &gt; }
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025

CVE-2023-53340

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5: Collect command failures data only for known commands<br /> <br /> DEVX can issue a general command, which is not used by mlx5 driver.<br /> In case such command is failed, mlx5 is trying to collect the failure<br /> data, However, mlx5 doesn&amp;#39;t create a storage for this command, since<br /> mlx5 doesn&amp;#39;t use it. This lead to array-index-out-of-bounds error.<br /> <br /> Fix it by checking whether the command is known before collecting the<br /> failure data.
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025

CVE-2023-53341

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> of/fdt: run soc memory setup when early_init_dt_scan_memory fails<br /> <br /> If memory has been found early_init_dt_scan_memory now returns 1. If<br /> it hasn&amp;#39;t found any memory it will return 0, allowing other memory<br /> setup mechanisms to carry on.<br /> <br /> Previously early_init_dt_scan_memory always returned 0 without<br /> distinguishing between any kind of memory setup being done or not. Any<br /> code path after the early_init_dt_scan memory call in the ramips<br /> plat_mem_setup code wouldn&amp;#39;t be executed anymore. Making<br /> early_init_dt_scan_memory the only way to initialize the memory.<br /> <br /> Some boards, including my mt7621 based Cudy X6 board, depend on memory<br /> initialization being done via the soc_info.mem_detect function<br /> pointer. Those wouldn&amp;#39;t be able to obtain memory and panic the kernel<br /> during early bootup with the message "early_init_dt_alloc_memory_arch:<br /> Failed to allocate 12416 bytes align=0x40".
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025

CVE-2023-53342

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: marvell: prestera: fix handling IPv4 routes with nhid<br /> <br /> Fix handling IPv4 routes referencing a nexthop via its id by replacing<br /> calls to fib_info_nh() with fib_info_nhc().<br /> <br /> Trying to add an IPv4 route referencing a nextop via nhid:<br /> <br /> $ ip link set up swp5<br /> $ ip a a 10.0.0.1/24 dev swp5<br /> $ ip nexthop add dev swp5 id 20 via 10.0.0.2<br /> $ ip route add 10.0.1.0/24 nhid 20<br /> <br /> triggers warnings when trying to handle the route:<br /> <br /> [ 528.805763] ------------[ cut here ]------------<br /> [ 528.810437] WARNING: CPU: 3 PID: 53 at include/net/nexthop.h:468 __prestera_fi_is_direct+0x2c/0x68 [prestera]<br /> [ 528.820434] Modules linked in: prestera_pci act_gact act_police sch_ingress cls_u32 cls_flower prestera arm64_delta_tn48m_dn_led(O) arm64_delta_tn48m_dn_cpld(O) [last unloaded: prestera_pci]<br /> [ 528.837485] CPU: 3 PID: 53 Comm: kworker/u8:3 Tainted: G O 6.4.5 #1<br /> [ 528.845178] Hardware name: delta,tn48m-dn (DT)<br /> [ 528.849641] Workqueue: prestera_ordered __prestera_router_fib_event_work [prestera]<br /> [ 528.857352] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> [ 528.864347] pc : __prestera_fi_is_direct+0x2c/0x68 [prestera]<br /> [ 528.870135] lr : prestera_k_arb_fib_evt+0xb20/0xd50 [prestera]<br /> [ 528.876007] sp : ffff80000b20bc90<br /> [ 528.879336] x29: ffff80000b20bc90 x28: 0000000000000000 x27: ffff0001374d3a48<br /> [ 528.886510] x26: ffff000105604000 x25: ffff000134af8a28 x24: ffff0001374d3800<br /> [ 528.893683] x23: ffff000101c89148 x22: ffff000101c89000 x21: ffff000101c89200<br /> [ 528.900855] x20: ffff00013641fda0 x19: ffff800009d01088 x18: 0000000000000059<br /> [ 528.908027] x17: 0000000000000277 x16: 0000000000000000 x15: 0000000000000000<br /> [ 528.915198] x14: 0000000000000003 x13: 00000000000fe400 x12: 0000000000000000<br /> [ 528.922371] x11: 0000000000000002 x10: 0000000000000aa0 x9 : ffff8000013d2020<br /> [ 528.929543] x8 : 0000000000000018 x7 : 000000007b1703f8 x6 : 000000001ca72f86<br /> [ 528.936715] x5 : 0000000033399ea7 x4 : 0000000000000000 x3 : ffff0001374d3acc<br /> [ 528.943886] x2 : 0000000000000000 x1 : ffff00010200de00 x0 : ffff000134ae3f80<br /> [ 528.951058] Call trace:<br /> [ 528.953516] __prestera_fi_is_direct+0x2c/0x68 [prestera]<br /> [ 528.958952] __prestera_router_fib_event_work+0x100/0x158 [prestera]<br /> [ 528.965348] process_one_work+0x208/0x488<br /> [ 528.969387] worker_thread+0x4c/0x430<br /> [ 528.973068] kthread+0x120/0x138<br /> [ 528.976313] ret_from_fork+0x10/0x20<br /> [ 528.979909] ---[ end trace 0000000000000000 ]---<br /> [ 528.984998] ------------[ cut here ]------------<br /> [ 528.989645] WARNING: CPU: 3 PID: 53 at include/net/nexthop.h:468 __prestera_fi_is_direct+0x2c/0x68 [prestera]<br /> [ 528.999628] Modules linked in: prestera_pci act_gact act_police sch_ingress cls_u32 cls_flower prestera arm64_delta_tn48m_dn_led(O) arm64_delta_tn48m_dn_cpld(O) [last unloaded: prestera_pci]<br /> [ 529.016676] CPU: 3 PID: 53 Comm: kworker/u8:3 Tainted: G W O 6.4.5 #1<br /> [ 529.024368] Hardware name: delta,tn48m-dn (DT)<br /> [ 529.028830] Workqueue: prestera_ordered __prestera_router_fib_event_work [prestera]<br /> [ 529.036539] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> [ 529.043533] pc : __prestera_fi_is_direct+0x2c/0x68 [prestera]<br /> [ 529.049318] lr : __prestera_k_arb_fc_apply+0x280/0x2f8 [prestera]<br /> [ 529.055452] sp : ffff80000b20bc60<br /> [ 529.058781] x29: ffff80000b20bc60 x28: 0000000000000000 x27: ffff0001374d3a48<br /> [ 529.065953] x26: ffff000105604000 x25: ffff000134af8a28 x24: ffff0001374d3800<br /> [ 529.073126] x23: ffff000101c89148 x22: ffff000101c89148 x21: ffff00013641fda0<br /> [ 529.080299] x20: ffff000101c89000 x19: ffff000101c89020 x18: 0000000000000059<br /> [ 529.087471] x17: 0000000000000277 x16: 0000000000000000 x15: 0000000000000000<br /> [ 529.094642] x14: 0000000000000003 x13: 00000000000fe400 x12: 0000000000000000<br /> [ 529.101814] x11: 0000000000000002 x10: 0000000000000aa0 x9 : ffff8000013cee80<br /> [ 529.108985] x8 : 0000000000000018 x7 : 000000007b1703f8 x6 <br /> ---truncated---
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025

CVE-2022-50371

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> led: qcom-lpg: Fix sleeping in atomic<br /> <br /> lpg_brighness_set() function can sleep, while led&amp;#39;s brightness_set()<br /> callback must be non-blocking. Change LPG driver to use<br /> brightness_set_blocking() instead.<br /> <br /> BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580<br /> in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/0<br /> preempt_count: 101, expected: 0<br /> INFO: lockdep is turned off.<br /> CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.1.0-rc1-00014-gbe99b089c6fc-dirty #85<br /> Hardware name: Qualcomm Technologies, Inc. DB820c (DT)<br /> Call trace:<br /> dump_backtrace.part.0+0xe4/0xf0<br /> show_stack+0x18/0x40<br /> dump_stack_lvl+0x88/0xb4<br /> dump_stack+0x18/0x34<br /> __might_resched+0x170/0x254<br /> __might_sleep+0x48/0x9c<br /> __mutex_lock+0x4c/0x400<br /> mutex_lock_nested+0x2c/0x40<br /> lpg_brightness_single_set+0x40/0x90<br /> led_set_brightness_nosleep+0x34/0x60<br /> led_heartbeat_function+0x80/0x170<br /> call_timer_fn+0xb8/0x340<br /> __run_timers.part.0+0x20c/0x254<br /> run_timer_softirq+0x3c/0x7c<br /> _stext+0x14c/0x578<br /> ____do_softirq+0x10/0x20<br /> call_on_irq_stack+0x2c/0x5c<br /> do_softirq_own_stack+0x1c/0x30<br /> __irq_exit_rcu+0x164/0x170<br /> irq_exit_rcu+0x10/0x40<br /> el1_interrupt+0x38/0x50<br /> el1h_64_irq_handler+0x18/0x2c<br /> el1h_64_irq+0x64/0x68<br /> cpuidle_enter_state+0xc8/0x380<br /> cpuidle_enter+0x38/0x50<br /> do_idle+0x244/0x2d0<br /> cpu_startup_entry+0x24/0x30<br /> rest_init+0x128/0x1a0<br /> arch_post_acpi_subsys_init+0x0/0x18<br /> start_kernel+0x6f4/0x734<br /> __primary_switched+0xbc/0xc4
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025

CVE-2022-50372

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cifs: Fix memory leak when build ntlmssp negotiate blob failed<br /> <br /> There is a memory leak when mount cifs:<br /> unreferenced object 0xffff888166059600 (size 448):<br /> comm "mount.cifs", pid 51391, jiffies 4295596373 (age 330.596s)<br /> hex dump (first 32 bytes):<br /> fe 53 4d 42 40 00 00 00 00 00 00 00 01 00 82 00 .SMB@...........<br /> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br /> backtrace:<br /> [] mempool_alloc+0xe1/0x260<br /> [] cifs_small_buf_get+0x24/0x60<br /> [] __smb2_plain_req_init+0x32/0x460<br /> [] SMB2_sess_alloc_buffer+0xa4/0x3f0<br /> [] SMB2_sess_auth_rawntlmssp_negotiate+0xf5/0x480<br /> [] SMB2_sess_setup+0x253/0x410<br /> [] cifs_setup_session+0x18f/0x4c0<br /> [] cifs_get_smb_ses+0xae7/0x13c0<br /> [] mount_get_conns+0x7a/0x730<br /> [] cifs_mount+0x103/0xd10<br /> [] cifs_smb3_do_mount+0x1dd/0xc90<br /> [] smb3_get_tree+0x1d5/0x300<br /> [] vfs_get_tree+0x41/0xf0<br /> [] path_mount+0x9b3/0xdd0<br /> [] __x64_sys_mount+0x190/0x1d0<br /> [] do_syscall_64+0x35/0x80<br /> <br /> When build ntlmssp negotiate blob failed, the session setup request<br /> should be freed.
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025

CVE-2022-50373

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fs: dlm: fix race in lowcomms<br /> <br /> This patch fixes a race between queue_work() in<br /> _dlm_lowcomms_commit_msg() and srcu_read_unlock(). The queue_work() can<br /> take the final reference of a dlm_msg and so msg-&gt;idx can contain<br /> garbage which is signaled by the following warning:<br /> <br /> [ 676.237050] ------------[ cut here ]------------<br /> [ 676.237052] WARNING: CPU: 0 PID: 1060 at include/linux/srcu.h:189 dlm_lowcomms_commit_msg+0x41/0x50<br /> [ 676.238945] Modules linked in: dlm_locktorture torture rpcsec_gss_krb5 intel_rapl_msr intel_rapl_common iTCO_wdt iTCO_vendor_support qxl kvm_intel drm_ttm_helper vmw_vsock_virtio_transport kvm vmw_vsock_virtio_transport_common ttm irqbypass crc32_pclmul joydev crc32c_intel serio_raw drm_kms_helper vsock virtio_scsi virtio_console virtio_balloon snd_pcm drm syscopyarea sysfillrect sysimgblt snd_timer fb_sys_fops i2c_i801 lpc_ich snd i2c_smbus soundcore pcspkr<br /> [ 676.244227] CPU: 0 PID: 1060 Comm: lock_torture_wr Not tainted 5.19.0-rc3+ #1546<br /> [ 676.245216] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-2.module+el8.7.0+15506+033991b0 04/01/2014<br /> [ 676.246460] RIP: 0010:dlm_lowcomms_commit_msg+0x41/0x50<br /> [ 676.247132] Code: fe ff ff ff 75 24 48 c7 c6 bd 0f 49 bb 48 c7 c7 38 7c 01 bd e8 00 e7 ca ff 89 de 48 c7 c7 60 78 01 bd e8 42 3d cd ff 5b 5d c3 0b eb d8 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48<br /> [ 676.249253] RSP: 0018:ffffa401c18ffc68 EFLAGS: 00010282<br /> [ 676.249855] RAX: 0000000000000001 RBX: 00000000ffff8b76 RCX: 0000000000000006<br /> [ 676.250713] RDX: 0000000000000000 RSI: ffffffffbccf3a10 RDI: ffffffffbcc7b62e<br /> [ 676.251610] RBP: ffffa401c18ffc70 R08: 0000000000000001 R09: 0000000000000001<br /> [ 676.252481] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000005<br /> [ 676.253421] R13: ffff8b76786ec370 R14: ffff8b76786ec370 R15: ffff8b76786ec480<br /> [ 676.254257] FS: 0000000000000000(0000) GS:ffff8b7777800000(0000) knlGS:0000000000000000<br /> [ 676.255239] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 676.255897] CR2: 00005590205d88b8 CR3: 000000017656c003 CR4: 0000000000770ee0<br /> [ 676.256734] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> [ 676.257567] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> [ 676.258397] PKRU: 55555554<br /> [ 676.258729] Call Trace:<br /> [ 676.259063] <br /> [ 676.259354] dlm_midcomms_commit_mhandle+0xcc/0x110<br /> [ 676.259964] queue_bast+0x8b/0xb0<br /> [ 676.260423] grant_pending_locks+0x166/0x1b0<br /> [ 676.261007] _unlock_lock+0x75/0x90<br /> [ 676.261469] unlock_lock.isra.57+0x62/0xa0<br /> [ 676.262009] dlm_unlock+0x21e/0x330<br /> [ 676.262457] ? lock_torture_stats+0x80/0x80 [dlm_locktorture]<br /> [ 676.263183] torture_unlock+0x5a/0x90 [dlm_locktorture]<br /> [ 676.263815] ? preempt_count_sub+0xba/0x100<br /> [ 676.264361] ? complete+0x1d/0x60<br /> [ 676.264777] lock_torture_writer+0xb8/0x150 [dlm_locktorture]<br /> [ 676.265555] kthread+0x10a/0x130<br /> [ 676.266007] ? kthread_complete_and_exit+0x20/0x20<br /> [ 676.266616] ret_from_fork+0x22/0x30<br /> [ 676.267097] <br /> [ 676.267381] irq event stamp: 9579855<br /> [ 676.267824] hardirqs last enabled at (9579863): [] __up_console_sem+0x58/0x60<br /> [ 676.268896] hardirqs last disabled at (9579872): [] __up_console_sem+0x3d/0x60<br /> [ 676.270008] softirqs last enabled at (9579798): [] __do_softirq+0x349/0x4c7<br /> [ 676.271438] softirqs last disabled at (9579897): [] irq_exit_rcu+0xb0/0xf0<br /> [ 676.272796] ---[ end trace 0000000000000000 ]---<br /> <br /> I reproduced this warning with dlm_locktorture test which is currently<br /> not upstream. However this patch fix the issue by make a additional<br /> refcount between dlm_lowcomms_new_msg() and dlm_lowcomms_commit_msg().<br /> In case of the race the kref_put() in dlm_lowcomms_commit_msg() will be<br /> the final put.
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025

CVE-2022-50374

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure<br /> <br /> syzbot is reporting NULL pointer dereference at hci_uart_tty_close() [1],<br /> for rcu_sync_enter() is called without rcu_sync_init() due to<br /> hci_uart_tty_open() ignoring percpu_init_rwsem() failure.<br /> <br /> While we are at it, fix that hci_uart_register_device() ignores<br /> percpu_init_rwsem() failure and hci_uart_unregister_device() does not<br /> call percpu_free_rwsem().
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025

CVE-2023-53335

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish()<br /> <br /> If get_ep_from_tid() fails to lookup non-NULL value for ep, ep is<br /> dereferenced later regardless of whether it is empty.<br /> This patch adds a simple sanity check to fix the issue.<br /> <br /> Found by Linux Verification Center (linuxtesting.org) with SVACE.
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025

CVE-2023-53336

Fecha de publicación:
17/09/2025
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings<br /> <br /> When ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run<br /> sensor-&gt;adev is not set yet.<br /> <br /> So if either of the dev_warn() calls about unknown values are hit this<br /> will lead to a NULL pointer deref.<br /> <br /> Set sensor-&gt;adev earlier, with a borrowed ref to avoid making unrolling<br /> on errors harder, to fix this.
Gravedad: Pendiente de análisis
Última modificación:
18/09/2025