Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-49126
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: mpi3mr: Fix memory leaks<br /> <br /> Fix memory leaks related to operational reply queue&amp;#39;s memory segments which<br /> are not getting freed while unloading the driver.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025

CVE-2022-49117
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mips: ralink: fix a refcount leak in ill_acc_of_setup()<br /> <br /> of_node_put(np) needs to be called when pdev == NULL.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025

CVE-2022-49106
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances<br /> <br /> vchiq_get_state() can return a NULL pointer. So handle this cases and<br /> avoid a NULL pointer derefence in vchiq_dump_platform_instances.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025

CVE-2022-49107
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ceph: fix memory leak in ceph_readdir when note_last_dentry returns error<br /> <br /> Reset the last_readdir at the same time, and add a comment explaining<br /> why we don&amp;#39;t free last_readdir when dir_emit returns false.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025

CVE-2022-49108
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> clk: mediatek: Fix memory leaks on probe<br /> <br /> Handle the error branches to free memory where required.<br /> <br /> Addresses-Coverity-ID: 1491825 ("Resource leak")
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025

CVE-2022-49109
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ceph: fix inode reference leakage in ceph_get_snapdir()<br /> <br /> The ceph_get_inode() will search for or insert a new inode into the<br /> hash for the given vino, and return a reference to it. If new is<br /> non-NULL, its reference is consumed.<br /> <br /> We should release the reference when in error handing cases.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2025

CVE-2022-49110
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: conntrack: revisit gc autotuning<br /> <br /> as of commit 4608fdfc07e1<br /> ("netfilter: conntrack: collect all entries in one cycle")<br /> conntrack gc was changed to run every 2 minutes.<br /> <br /> On systems where conntrack hash table is set to large value, most evictions<br /> happen from gc worker rather than the packet path due to hash table<br /> distribution.<br /> <br /> This causes netlink event overflows when events are collected.<br /> <br /> This change collects average expiry of scanned entries and<br /> reschedules to the average remaining value, within 1 to 60 second interval.<br /> <br /> To avoid event overflows, reschedule after each bucket and add a<br /> limit for both run time and number of evictions per run.<br /> <br /> If more entries have to be evicted, reschedule and restart 1 jiffy<br /> into the future.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2025

CVE-2022-49111
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: Fix use after free in hci_send_acl<br /> <br /> This fixes the following trace caused by receiving<br /> HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without<br /> first checking if conn-&gt;type is in fact AMP_LINK and in case it is<br /> do properly cleanup upper layers with hci_disconn_cfm:<br /> <br /> ==================================================================<br /> BUG: KASAN: use-after-free in hci_send_acl+0xaba/0xc50<br /> Read of size 8 at addr ffff88800e404818 by task bluetoothd/142<br /> <br /> CPU: 0 PID: 142 Comm: bluetoothd Not tainted<br /> 5.17.0-rc5-00006-gda4022eeac1a #7<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS<br /> rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x45/0x59<br /> print_address_description.constprop.0+0x1f/0x150<br /> kasan_report.cold+0x7f/0x11b<br /> hci_send_acl+0xaba/0xc50<br /> l2cap_do_send+0x23f/0x3d0<br /> l2cap_chan_send+0xc06/0x2cc0<br /> l2cap_sock_sendmsg+0x201/0x2b0<br /> sock_sendmsg+0xdc/0x110<br /> sock_write_iter+0x20f/0x370<br /> do_iter_readv_writev+0x343/0x690<br /> do_iter_write+0x132/0x640<br /> vfs_writev+0x198/0x570<br /> do_writev+0x202/0x280<br /> do_syscall_64+0x38/0x90<br /> entry_SYSCALL_64_after_hwframe+0x44/0xae<br /> RSP: 002b:00007ffce8a099b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014<br /> Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3<br /> 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 14 00 00 00 0f 05<br /> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10<br /> RDX: 0000000000000001 RSI: 00007ffce8a099e0 RDI: 0000000000000015<br /> RAX: ffffffffffffffda RBX: 00007ffce8a099e0 RCX: 00007f788fc3cf77<br /> R10: 00007ffce8af7080 R11: 0000000000000246 R12: 000055e4ccf75580<br /> RBP: 0000000000000015 R08: 0000000000000002 R09: 0000000000000001<br /> <br /> R13: 000055e4ccf754a0 R14: 000055e4ccf75cd0 R15: 000055e4ccf4a6b0<br /> <br /> Allocated by task 45:<br /> kasan_save_stack+0x1e/0x40<br /> __kasan_kmalloc+0x81/0xa0<br /> hci_chan_create+0x9a/0x2f0<br /> l2cap_conn_add.part.0+0x1a/0xdc0<br /> l2cap_connect_cfm+0x236/0x1000<br /> le_conn_complete_evt+0x15a7/0x1db0<br /> hci_le_conn_complete_evt+0x226/0x2c0<br /> hci_le_meta_evt+0x247/0x450<br /> hci_event_packet+0x61b/0xe90<br /> hci_rx_work+0x4d5/0xc50<br /> process_one_work+0x8fb/0x15a0<br /> worker_thread+0x576/0x1240<br /> kthread+0x29d/0x340<br /> ret_from_fork+0x1f/0x30<br /> <br /> Freed by task 45:<br /> kasan_save_stack+0x1e/0x40<br /> kasan_set_track+0x21/0x30<br /> kasan_set_free_info+0x20/0x30<br /> __kasan_slab_free+0xfb/0x130<br /> kfree+0xac/0x350<br /> hci_conn_cleanup+0x101/0x6a0<br /> hci_conn_del+0x27e/0x6c0<br /> hci_disconn_phylink_complete_evt+0xe0/0x120<br /> hci_event_packet+0x812/0xe90<br /> hci_rx_work+0x4d5/0xc50<br /> process_one_work+0x8fb/0x15a0<br /> worker_thread+0x576/0x1240<br /> kthread+0x29d/0x340<br /> ret_from_fork+0x1f/0x30<br /> <br /> The buggy address belongs to the object at ffff88800c0f0500<br /> The buggy address is located 24 bytes inside of<br /> which belongs to the cache kmalloc-128 of size 128<br /> The buggy address belongs to the page:<br /> 128-byte region [ffff88800c0f0500, ffff88800c0f0580)<br /> flags: 0x100000000000200(slab|node=0|zone=1)<br /> page:00000000fe45cd86 refcount:1 mapcount:0<br /> mapping:0000000000000000 index:0x0 pfn:0xc0f0<br /> raw: 0000000000000000 0000000080100010 00000001ffffffff<br /> 0000000000000000<br /> raw: 0100000000000200 ffffea00003a2c80 dead000000000004<br /> ffff8880078418c0<br /> page dumped because: kasan: bad access detected<br /> ffff88800c0f0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc<br /> Memory state around the buggy address:<br /> &gt;ffff88800c0f0500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb<br /> ffff88800c0f0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc<br /> ffff88800c0f0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc<br /> <br /> ---truncated---
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2022-49112
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mt76: fix monitor mode crash with sdio driver<br /> <br /> mt7921s driver may receive frames with fragment buffers. If there is a<br /> CTS packet received in monitor mode, the payload is 10 bytes only and<br /> need 6 bytes header padding after RXD buffer. However, only RXD in the<br /> first linear buffer, if we pull buffer size RXD-size+6 bytes with<br /> skb_pull(), that would trigger "BUG_ON(skb-&gt;len data_len)" in<br /> __skb_pull().<br /> <br /> To avoid the nonlinear buffer issue, enlarge the RXD size from 128 to<br /> 256 to make sure all MCU operation in linear buffer.<br /> <br /> [ 52.007562] kernel BUG at include/linux/skbuff.h:2313!<br /> [ 52.007578] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP<br /> [ 52.007987] pc : skb_pull+0x48/0x4c<br /> [ 52.008015] lr : mt7921_queue_rx_skb+0x494/0x890 [mt7921_common]<br /> [ 52.008361] Call trace:<br /> [ 52.008377] skb_pull+0x48/0x4c<br /> [ 52.008400] mt76s_net_worker+0x134/0x1b0 [mt76_sdio 35339a92c6eb7d4bbcc806a1d22f56365565135c]<br /> [ 52.008431] __mt76_worker_fn+0xe8/0x170 [mt76 ef716597d11a77150bc07e3fdd68eeb0f9b56917]<br /> [ 52.008449] kthread+0x148/0x3ac<br /> [ 52.008466] ret_from_fork+0x10/0x30
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2025

CVE-2022-49113
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> powerpc/secvar: fix refcount leak in format_show()<br /> <br /> Refcount leak will happen when format_show returns failure in multiple<br /> cases. Unified management of of_node_put can fix this problem.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025

CVE-2022-49114
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: libfc: Fix use after free in fc_exch_abts_resp()<br /> <br /> fc_exch_release(ep) will decrease the ep&amp;#39;s reference count. When the<br /> reference count reaches zero, it is freed. But ep is still used in the<br /> following code, which will lead to a use after free.<br /> <br /> Return after the fc_exch_release() call to avoid use after free.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2022-49115
Publication date:
26/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> PCI: endpoint: Fix misused goto label<br /> <br /> Fix a misused goto label jump since that can result in a memory leak.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025
Subscribe to Vulnerabilities