Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-38538
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: nbpfaxi: Fix memory corruption in probe()<br /> <br /> The nbpf-&gt;chan[] array is allocated earlier in the nbpf_probe() function<br /> and it has "num_channels" elements. These three loops iterate one<br /> element farther than they should and corrupt memory.<br /> <br /> The changes to the second loop are more involved. In this case, we&amp;#39;re<br /> copying data from the irqbuf[] array into the nbpf-&gt;chan[] array. If<br /> the data in irqbuf[i] is the error IRQ then we skip it, so the iterators<br /> are not in sync. I added a check to ensure that we don&amp;#39;t go beyond the<br /> end of the irqbuf[] array. I&amp;#39;m pretty sure this can&amp;#39;t happen, but it<br /> seemed harmless to add a check.<br /> <br /> On the other hand, after the loop has ended there is a check to ensure<br /> that the "chan" iterator is where we expect it to be. In the original<br /> code we went one element beyond the end of the array so the iterator<br /> wasn&amp;#39;t in the correct place and it would always return -EINVAL. However,<br /> now it will always be in the correct place. I deleted the check since<br /> we know the result.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2026

CVE-2025-38535
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode<br /> <br /> When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code<br /> assumed that the regulator should be disabled. However, if the regulator<br /> is marked as always-on, regulator_is_enabled() continues to return true,<br /> leading to an incorrect attempt to disable a regulator which is not<br /> enabled.<br /> <br /> This can result in warnings such as:<br /> <br /> [ 250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004<br /> _regulator_disable+0xe4/0x1a0<br /> [ 250.155652] unbalanced disables for VIN_SYS_5V0<br /> <br /> To fix this, we move the regulator control logic into<br /> tegra186_xusb_padctl_id_override() function since it&amp;#39;s directly related<br /> to the ID override state. The regulator is now only disabled when the role<br /> transitions from USB_ROLE_HOST to USB_ROLE_NONE, by checking the VBUS_ID<br /> register. This ensures that regulator enable/disable operations are<br /> properly balanced and only occur when actually transitioning to/from host<br /> mode.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2026

CVE-2025-38537
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: phy: Don&amp;#39;t register LEDs for genphy<br /> <br /> If a PHY has no driver, the genphy driver is probed/removed directly in<br /> phy_attach/detach. If the PHY&amp;#39;s ofnode has an "leds" subnode, then the<br /> LEDs will be (un)registered when probing/removing the genphy driver.<br /> This could occur if the leds are for a non-generic driver that isn&amp;#39;t<br /> loaded for whatever reason. Synchronously removing the PHY device in<br /> phy_detach leads to the following deadlock:<br /> <br /> rtnl_lock()<br /> ndo_close()<br /> ...<br /> phy_detach()<br /> phy_remove()<br /> phy_leds_unregister()<br /> led_classdev_unregister()<br /> led_trigger_set()<br /> netdev_trigger_deactivate()<br /> unregister_netdevice_notifier()<br /> rtnl_lock()<br /> <br /> There is a corresponding deadlock on the open/register side of things<br /> (and that one is reported by lockdep), but it requires a race while this<br /> one is deterministic.<br /> <br /> Generic PHYs do not support LEDs anyway, so don&amp;#39;t bother registering<br /> them.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2025

CVE-2025-38541
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()<br /> <br /> devm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init()<br /> does not check for this case, which results in a NULL pointer<br /> dereference.<br /> <br /> Add NULL check after devm_kasprintf() to prevent this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2025

CVE-2025-38534
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfs: Fix copy-to-cache so that it performs collection with ceph+fscache<br /> <br /> The netfs copy-to-cache that is used by Ceph with local caching sets up a<br /> new request to write data just read to the cache. The request is started<br /> and then left to look after itself whilst the app continues. The request<br /> gets notified by the backing fs upon completion of the async DIO write, but<br /> then tries to wake up the app because NETFS_RREQ_OFFLOAD_COLLECTION isn&amp;#39;t<br /> set - but the app isn&amp;#39;t waiting there, and so the request just hangs.<br /> <br /> Fix this by setting NETFS_RREQ_OFFLOAD_COLLECTION which causes the<br /> notification from the backing filesystem to put the collection onto a work<br /> queue instead.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2025

CVE-2025-38536
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: airoha: fix potential use-after-free in airoha_npu_get()<br /> <br /> np-&gt;name was being used after calling of_node_put(np), which<br /> releases the node and can lead to a use-after-free bug.<br /> Previously, of_node_put(np) was called unconditionally after<br /> of_find_device_by_node(np), which could result in a use-after-free if<br /> pdev is NULL.<br /> <br /> This patch moves of_node_put(np) after the error check to ensure<br /> the node is only released after both the error and success cases<br /> are handled appropriately, preventing potential resource issues.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2025

CVE-2025-38540
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras<br /> <br /> The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 &amp; 04F2:B82C)<br /> report a HID sensor interface that is not actually implemented.<br /> Attempting to access this non-functional sensor via iio_info causes<br /> system hangs as runtime PM tries to wake up an unresponsive sensor.<br /> <br /> Add these 2 devices to the HID ignore list since the sensor interface is<br /> non-functional by design and should not be exposed to userspace.
Severity CVSS v4.0: Pending analysis
Last modification:
22/01/2026

CVE-2025-38527
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb: client: fix use-after-free in cifs_oplock_break<br /> <br /> A race condition can occur in cifs_oplock_break() leading to a<br /> use-after-free of the cinode structure when unmounting:<br /> <br /> cifs_oplock_break()<br /> _cifsFileInfo_put(cfile)<br /> cifsFileInfo_put_final()<br /> cifs_sb_deactive()<br /> [last ref, start releasing sb]<br /> kill_sb()<br /> kill_anon_super()<br /> generic_shutdown_super()<br /> evict_inodes()<br /> dispose_list()<br /> evict()<br /> destroy_inode()<br /> call_rcu(&amp;inode-&gt;i_rcu, i_callback)<br /> spin_lock(&amp;cinode-&gt;open_file_lock) open_file_lock)
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2026

CVE-2025-38530
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> comedi: pcl812: Fix bit shift out of bounds<br /> <br /> When checking for a supported IRQ number, the following test is used:<br /> <br /> if ((1 irq_bits) {<br /> <br /> However, `it-&gt;options[i]` is an unchecked `int` value from userspace, so<br /> the shift amount could be negative or out of bounds. Fix the test by<br /> requiring `it-&gt;options[1]` to be within bounds before proceeding with<br /> the original test. Valid `it-&gt;options[1]` values that select the IRQ<br /> will be in the range [1,15]. The value 0 explicitly disables the use of<br /> interrupts.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2026

CVE-2025-38529
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> comedi: aio_iiro_16: Fix bit shift out of bounds<br /> <br /> When checking for a supported IRQ number, the following test is used:<br /> <br /> if ((1 options[i]` is an unchecked `int` value from userspace, so<br /> the shift amount could be negative or out of bounds. Fix the test by<br /> requiring `it-&gt;options[1]` to be within bounds before proceeding with<br /> the original test. Valid `it-&gt;options[1]` values that select the IRQ<br /> will be in the range [1,15]. The value 0 explicitly disables the use of<br /> interrupts.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2026

CVE-2025-38528
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> bpf: Reject %p% format string in bprintf-like helpers<br /> <br /> static const char fmt[] = "%p%";<br /> bpf_trace_printk(fmt, sizeof(fmt));<br /> <br /> The above BPF program isn&amp;#39;t rejected and causes a kernel warning at<br /> runtime:<br /> <br /> Please remove unsupported %\x00 in format string<br /> WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0<br /> <br /> This happens because bpf_bprintf_prepare skips over the second %,<br /> detected as punctuation, while processing %p. This patch fixes it by<br /> not skipping over punctuation. %\x00 is then processed in the next<br /> iteration and rejected.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2026

CVE-2025-38526
Publication date:
16/08/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ice: add NULL check in eswitch lag check<br /> <br /> The function ice_lag_is_switchdev_running() is being called from outside of<br /> the LAG event handler code. This results in the lag-&gt;upper_netdev being<br /> NULL sometimes. To avoid a NULL-pointer dereference, there needs to be a<br /> check before it is dereferenced.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2025
Subscribe to Vulnerabilities