Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-38705
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/pm: fix null pointer access<br /> <br /> Writing a string without delimiters (&amp;#39; &amp;#39;, &amp;#39;\n&amp;#39;, &amp;#39;\0&amp;#39;) to the under<br /> gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile<br /> will result in a null pointer dereference.
Severity CVSS v4.0: Pending analysis
Last modification:
24/11/2025

CVE-2025-38703
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/xe: Make dma-fences compliant with the safe access rules<br /> <br /> Xe can free some of the data pointed to by the dma-fences it exports. Most<br /> notably the timeline name can get freed if userspace closes the associated<br /> submit queue. At the same time the fence could have been exported to a<br /> third party (for example a sync_fence fd) which will then cause an use-<br /> after-free on subsequent access.<br /> <br /> To make this safe we need to make the driver compliant with the newly<br /> documented dma-fence rules. Driver has to ensure a RCU grace period<br /> between signalling a fence and freeing any data pointed to by said fence.<br /> <br /> For the timeline name we simply make the queue be freed via kfree_rcu and<br /> for the shared lock associated with multiple queues we add a RCU grace<br /> period before freeing the per GT structure holding the lock.
Severity CVSS v4.0: Pending analysis
Last modification:
24/11/2025

CVE-2025-38709
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> loop: Avoid updating block size under exclusive owner<br /> <br /> Syzbot came up with a reproducer where a loop device block size is<br /> changed underneath a mounted filesystem. This causes a mismatch between<br /> the block device block size and the block size stored in the superblock<br /> causing confusion in various places such as fs/buffer.c. The particular<br /> issue triggered by syzbot was a warning in __getblk_slow() due to<br /> requested buffer size not matching block device block size.<br /> <br /> Fix the problem by getting exclusive hold of the loop device to change<br /> its block size. This fails if somebody (such as filesystem) has already<br /> an exclusive ownership of the block device and thus prevents modifying<br /> the loop device under some exclusive owner which doesn&amp;#39;t expect it.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2025

CVE-2025-38708
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drbd: add missing kref_get in handle_write_conflicts<br /> <br /> With `two-primaries` enabled, DRBD tries to detect "concurrent" writes<br /> and handle write conflicts, so that even if you write to the same sector<br /> simultaneously on both nodes, they end up with the identical data once<br /> the writes are completed.<br /> <br /> In handling "superseeded" writes, we forgot a kref_get,<br /> resulting in a premature drbd_destroy_device and use after free,<br /> and further to kernel crashes with symptoms.<br /> <br /> Relevance: No one should use DRBD as a random data generator, and apparently<br /> all users of "two-primaries" handle concurrent writes correctly on layer up.<br /> That is cluster file systems use some distributed lock manager,<br /> and live migration in virtualization environments stops writes on one node<br /> before starting writes on the other node.<br /> <br /> Which means that other than for "test cases",<br /> this code path is never taken in real life.<br /> <br /> FYI, in DRBD 9, things are handled differently nowadays. We still detect<br /> "write conflicts", but no longer try to be smart about them.<br /> We decided to disconnect hard instead: upper layers must not submit concurrent<br /> writes. If they do, that&amp;#39;s their fault.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2026

CVE-2025-38704
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> rcu/nocb: Fix possible invalid rdp&amp;#39;s-&gt;nocb_cb_kthread pointer access<br /> <br /> In the preparation stage of CPU online, if the corresponding<br /> the rdp&amp;#39;s-&gt;nocb_cb_kthread does not exist, will be created,<br /> there is a situation where the rdp&amp;#39;s rcuop kthreads creation fails,<br /> and then de-offload this CPU&amp;#39;s rdp, does not assign this CPU&amp;#39;s<br /> rdp-&gt;nocb_cb_kthread pointer, but this rdp&amp;#39;s-&gt;nocb_gp_rdp and<br /> rdp&amp;#39;s-&gt;rdp_gp-&gt;nocb_gp_kthread is still valid.<br /> <br /> This will cause the subsequent re-offload operation of this offline<br /> CPU, which will pass the conditional check and the kthread_unpark()<br /> will access invalid rdp&amp;#39;s-&gt;nocb_cb_kthread pointer.<br /> <br /> This commit therefore use rdp&amp;#39;s-&gt;nocb_gp_kthread instead of<br /> rdp_gp&amp;#39;s-&gt;nocb_gp_kthread for safety check.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-38699
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: bfa: Double-free fix<br /> <br /> When the bfad_im_probe() function fails during initialization, the memory<br /> pointed to by bfad-&gt;im is freed without setting bfad-&gt;im to NULL.<br /> <br /> Subsequently, during driver uninstallation, when the state machine enters<br /> the bfad_sm_stopping state and calls the bfad_im_probe_undo() function,<br /> it attempts to free the memory pointed to by bfad-&gt;im again, thereby<br /> triggering a double-free vulnerability.<br /> <br /> Set bfad-&gt;im to NULL if probing fails.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2026

CVE-2025-38701
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr<br /> <br /> A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data()<br /> when an inode had the INLINE_DATA_FL flag set but was missing the<br /> system.data extended attribute.<br /> <br /> Since this can happen due to a maiciouly fuzzed file system, we<br /> shouldn&amp;#39;t BUG, but rather, report it as a corrupted file system.<br /> <br /> Add similar replacements of BUG_ON with EXT4_ERROR_INODE() ii<br /> ext4_create_inline_data() and ext4_inline_data_truncate().
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2026

CVE-2025-38700
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: libiscsi: Initialize iscsi_conn-&gt;dd_data only if memory is allocated<br /> <br /> In case of an ib_fast_reg_mr allocation failure during iSER setup, the<br /> machine hits a panic because iscsi_conn-&gt;dd_data is initialized<br /> unconditionally, even when no memory is allocated (dd_size == 0). This<br /> leads invalid pointer dereference during connection teardown.<br /> <br /> Fix by setting iscsi_conn-&gt;dd_data only if memory is actually allocated.<br /> <br /> Panic trace:<br /> ------------<br /> iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12<br /> iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers<br /> BUG: unable to handle page fault for address: fffffffffffffff8<br /> RIP: 0010:swake_up_locked.part.5+0xa/0x40<br /> Call Trace:<br /> complete+0x31/0x40<br /> iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]<br /> iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]<br /> iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]<br /> iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]<br /> ? netlink_lookup+0x12f/0x1b0<br /> ? netlink_deliver_tap+0x2c/0x200<br /> netlink_unicast+0x1ab/0x280<br /> netlink_sendmsg+0x257/0x4f0<br /> ? _copy_from_user+0x29/0x60<br /> sock_sendmsg+0x5f/0x70
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2026

CVE-2025-38696
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> MIPS: Don&amp;#39;t crash in stack_top() for tasks without ABI or vDSO<br /> <br /> Not all tasks have an ABI associated or vDSO mapped,<br /> for example kthreads never do.<br /> If such a task ever ends up calling stack_top(), it will derefence the<br /> NULL ABI pointer and crash.<br /> <br /> This can for example happen when using kunit:<br /> <br /> mips_stack_top+0x28/0xc0<br /> arch_pick_mmap_layout+0x190/0x220<br /> kunit_vm_mmap_init+0xf8/0x138<br /> __kunit_add_resource+0x40/0xa8<br /> kunit_vm_mmap+0x88/0xd8<br /> usercopy_test_init+0xb8/0x240<br /> kunit_try_run_case+0x5c/0x1a8<br /> kunit_generic_run_threadfn_adapter+0x28/0x50<br /> kthread+0x118/0x240<br /> ret_from_kernel_thread+0x14/0x1c<br /> <br /> Only dereference the ABI point if it is set.<br /> <br /> The GIC page is also included as it is specific to the vDSO.<br /> Also move the randomization adjustment into the same conditional.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2026

CVE-2025-38702
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fbdev: fix potential buffer overflow in do_register_framebuffer()<br /> <br /> The current implementation may lead to buffer overflow when:<br /> 1. Unregistration creates NULL gaps in registered_fb[]<br /> 2. All array slots become occupied despite num_registered_fb
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2026

CVE-2025-38697
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> jfs: upper bound check of tree index in dbAllocAG<br /> <br /> When computing the tree index in dbAllocAG, we never check if we are<br /> out of bounds realative to the size of the stree.<br /> This could happen in a scenario where the filesystem metadata are<br /> corrupted.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2026

CVE-2025-38698
Publication date:
04/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> jfs: Regular file corruption check<br /> <br /> The reproducer builds a corrupted file on disk with a negative i_size value.<br /> Add a check when opening this file to avoid subsequent operation failures.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2026
Subscribe to Vulnerabilities