Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-50533
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: mac80211: mlme: fix null-ptr deref on failed assoc<br /> <br /> If association to an AP without a link 0 fails, then we crash in<br /> tracing because it assumes that either ap_mld_addr or link 0 BSS<br /> is valid, since we clear sdata-&gt;vif.valid_links and then don&amp;#39;t<br /> add the ap_mld_addr to the struct.<br /> <br /> Since we clear also sdata-&gt;vif.cfg.ap_addr, keep a local copy of<br /> it and assign it earlier, before clearing valid_links, to fix<br /> this.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2026

CVE-2022-50532
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()<br /> <br /> In mpt3sas_transport_port_add(), if sas_rphy_add() returns error,<br /> sas_rphy_free() needs be called to free the resource allocated in<br /> sas_end_device_alloc(). Otherwise a kernel crash will happen:<br /> <br /> Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108<br /> CPU: 45 PID: 37020 Comm: bash Kdump: loaded Tainted: G W 6.1.0-rc1+ #189<br /> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : device_del+0x54/0x3d0<br /> lr : device_del+0x37c/0x3d0<br /> Call trace:<br /> device_del+0x54/0x3d0<br /> attribute_container_class_device_del+0x28/0x38<br /> transport_remove_classdev+0x6c/0x80<br /> attribute_container_device_trigger+0x108/0x110<br /> transport_remove_device+0x28/0x38<br /> sas_rphy_remove+0x50/0x78 [scsi_transport_sas]<br /> sas_port_delete+0x30/0x148 [scsi_transport_sas]<br /> do_sas_phy_delete+0x78/0x80 [scsi_transport_sas]<br /> device_for_each_child+0x68/0xb0<br /> sas_remove_children+0x30/0x50 [scsi_transport_sas]<br /> sas_rphy_remove+0x38/0x78 [scsi_transport_sas]<br /> sas_port_delete+0x30/0x148 [scsi_transport_sas]<br /> do_sas_phy_delete+0x78/0x80 [scsi_transport_sas]<br /> device_for_each_child+0x68/0xb0<br /> sas_remove_children+0x30/0x50 [scsi_transport_sas]<br /> sas_remove_host+0x20/0x38 [scsi_transport_sas]<br /> scsih_remove+0xd8/0x420 [mpt3sas]<br /> <br /> Because transport_add_device() is not called when sas_rphy_add() fails, the<br /> device is not added. When sas_rphy_remove() is subsequently called to<br /> remove the device in the remove() path, a NULL pointer dereference happens.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2026

CVE-2022-50531
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tipc: fix an information leak in tipc_topsrv_kern_subscr<br /> <br /> Use a 8-byte write to initialize sub.usr_handle in<br /> tipc_topsrv_kern_subscr(), otherwise four bytes remain uninitialized<br /> when issuing setsockopt(..., SOL_TIPC, ...).<br /> This resulted in an infoleak reported by KMSAN when the packet was<br /> received:<br /> <br /> =====================================================<br /> BUG: KMSAN: kernel-infoleak in copyout+0xbc/0x100 lib/iov_iter.c:169<br /> instrument_copy_to_user ./include/linux/instrumented.h:121<br /> copyout+0xbc/0x100 lib/iov_iter.c:169<br /> _copy_to_iter+0x5c0/0x20a0 lib/iov_iter.c:527<br /> copy_to_iter ./include/linux/uio.h:176<br /> simple_copy_to_iter+0x64/0xa0 net/core/datagram.c:513<br /> __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419<br /> skb_copy_datagram_iter+0x58/0x200 net/core/datagram.c:527<br /> skb_copy_datagram_msg ./include/linux/skbuff.h:3903<br /> packet_recvmsg+0x521/0x1e70 net/packet/af_packet.c:3469<br /> ____sys_recvmsg+0x2c4/0x810 net/socket.c:?<br /> ___sys_recvmsg+0x217/0x840 net/socket.c:2743<br /> __sys_recvmsg net/socket.c:2773<br /> __do_sys_recvmsg net/socket.c:2783<br /> __se_sys_recvmsg net/socket.c:2780<br /> __x64_sys_recvmsg+0x364/0x540 net/socket.c:2780<br /> do_syscall_x64 arch/x86/entry/common.c:50<br /> do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd arch/x86/entry/entry_64.S:120<br /> <br /> ...<br /> <br /> Uninit was stored to memory at:<br /> tipc_sub_subscribe+0x42d/0xb50 net/tipc/subscr.c:156<br /> tipc_conn_rcv_sub+0x246/0x620 net/tipc/topsrv.c:375<br /> tipc_topsrv_kern_subscr+0x2e8/0x400 net/tipc/topsrv.c:579<br /> tipc_group_create+0x4e7/0x7d0 net/tipc/group.c:190<br /> tipc_sk_join+0x2a8/0x770 net/tipc/socket.c:3084<br /> tipc_setsockopt+0xae5/0xe40 net/tipc/socket.c:3201<br /> __sys_setsockopt+0x87f/0xdc0 net/socket.c:2252<br /> __do_sys_setsockopt net/socket.c:2263<br /> __se_sys_setsockopt net/socket.c:2260<br /> __x64_sys_setsockopt+0xe0/0x160 net/socket.c:2260<br /> do_syscall_x64 arch/x86/entry/common.c:50<br /> do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd arch/x86/entry/entry_64.S:120<br /> <br /> Local variable sub created at:<br /> tipc_topsrv_kern_subscr+0x57/0x400 net/tipc/topsrv.c:562<br /> tipc_group_create+0x4e7/0x7d0 net/tipc/group.c:190<br /> <br /> Bytes 84-87 of 88 are uninitialized<br /> Memory access of size 88 starts at ffff88801ed57cd0<br /> Data copied to user address 0000000020000400<br /> ...<br /> =====================================================
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2026

CVE-2022-50530
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()<br /> <br /> Our syzkaller report a null pointer dereference, root cause is<br /> following:<br /> <br /> __blk_mq_alloc_map_and_rqs<br /> set-&gt;tags[hctx_idx] = blk_mq_alloc_map_and_rqs<br /> blk_mq_alloc_map_and_rqs<br /> blk_mq_alloc_rqs<br /> // failed due to oom<br /> alloc_pages_node<br /> // set-&gt;tags[hctx_idx] is still NULL<br /> blk_mq_free_rqs<br /> drv_tags = set-&gt;tags[hctx_idx];<br /> // null pointer dereference is triggered<br /> blk_mq_clear_rq_mapping(drv_tags, ...)<br /> <br /> This is because commit 63064be150e4 ("blk-mq:<br /> Add blk_mq_alloc_map_and_rqs()") merged the two steps:<br /> <br /> 1) set-&gt;tags[hctx_idx] = blk_mq_alloc_rq_map()<br /> 2) blk_mq_alloc_rqs(..., set-&gt;tags[hctx_idx])<br /> <br /> into one step:<br /> <br /> set-&gt;tags[hctx_idx] = blk_mq_alloc_map_and_rqs()<br /> <br /> Since tags is not initialized yet in this case, fix the problem by<br /> checking if tags is NULL pointer in blk_mq_clear_rq_mapping().
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2026

CVE-2022-50535
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Fix potential null-deref in dm_resume<br /> <br /> [Why]<br /> Fixing smatch error:<br /> dm_resume() error: we previously assumed &amp;#39;aconnector-&gt;dc_link&amp;#39; could be null<br /> <br /> [How]<br /> Check if dc_link null at the beginning of the loop,<br /> so further checks can be dropped.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2026

CVE-2022-50528
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdkfd: Fix memory leakage<br /> <br /> This patch fixes potential memory leakage and seg fault<br /> in _gpuvm_import_dmabuf() function
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50527
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: Fix size validation for non-exclusive domains (v4)<br /> <br /> Fix amdgpu_bo_validate_size() to check whether the TTM domain manager for the<br /> requested memory exists, else we get a kernel oops when dereferencing "man".<br /> <br /> v2: Make the patch standalone, i.e. not dependent on local patches.<br /> v3: Preserve old behaviour and just check that the manager pointer is not<br /> NULL.<br /> v4: Complain if GTT domain requested and it is uninitialized--most likely a<br /> bug.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50526
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/msm/dp: fix memory corruption with too many bridges<br /> <br /> Add the missing sanity check on the bridge counter to avoid corrupting<br /> data beyond the fixed-sized bridge array in case there are ever more<br /> than eight bridges.<br /> <br /> Patchwork: https://patchwork.freedesktop.org/patch/502664/
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50525
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()<br /> <br /> The fsl_pamu_probe() returns directly when create_csd() failed, leaving<br /> irq and memories unreleased.<br /> Fix by jumping to error if create_csd() returns error.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50524
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/mediatek: Check return value after calling platform_get_resource()<br /> <br /> platform_get_resource() may return NULL pointer, we need check its<br /> return value to avoid null-ptr-deref in resource_size().
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50523
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> clk: rockchip: Fix memory leak in rockchip_clk_register_pll()<br /> <br /> If clk_register() fails, @pll-&gt;rate_table may have allocated memory by<br /> kmemdup(), so it needs to be freed, otherwise will cause memory leak<br /> issue, this patch fixes it.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2022-50522
Publication date:
07/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mcb: mcb-parse: fix error handing in chameleon_parse_gdd()<br /> <br /> If mcb_device_register() returns error in chameleon_parse_gdd(), the refcount<br /> of bus and device name are leaked. Fix this by calling put_device() to give up<br /> the reference, so they can be released in mcb_release_dev() and kobject_cleanup().
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026
Subscribe to Vulnerabilities