Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-49486

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe

of_find_i2c_device_by_node() takes a reference.
In error paths, we should call put_device() to drop
the reference to avoid refcount leak.
Severity CVSS v4.0: Pending analysis
Last modification: 01/10/2025

CVE-2022-49487

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe()

It will cause null-ptr-deref when using 'res', if platform_get_resource()
returns NULL, so move using 'res' after devm_ioremap_resource() that
will check it to avoid null-ptr-deref.
Severity CVSS v4.0: Pending analysis
Last modification: 01/10/2025

CVE-2022-49488

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected

There is a possibility for mdp5_get_global_state to return
-EDEADLK when acquiring the modeset lock, but currently global_state in
mdp5_mixer_release doesn't check for if an error is returned.

To avoid a NULL dereference error, let's have mdp5_mixer_release
check if an error is returned and propagate that error.

Patchwork: https://patchwork.freedesktop.org/patch/485181/
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2025

CVE-2022-49468

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

thermal/core: Fix memory leak in __thermal_cooling_device_register()

I got a memory leak as follows when doing a fault injection test:

unreferenced object 0xffff888010080000 (size 264312):
comm "182", pid 102533, jiffies 4296434960 (age 10.100s)
hex dump (first 32 bytes):
00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........
ff ff ff ff ff ff ff ff 40 7f 1f b9 ff ff ff ff ........@.......
backtrace:
[] kmalloc_order_trace+0x1d/0x110 mm/slab_common.c:969
[] __kmalloc+0x373/0x420 include/linux/slab.h:510
[] thermal_cooling_device_setup_sysfs+0x15d/0x2d0 include/linux/slab.h:586
[] __thermal_cooling_device_register+0x332/0xa60 drivers/thermal/thermal_core.c:927
[] devm_thermal_of_cooling_device_register+0x6b/0xf0 drivers/thermal/thermal_core.c:1041
[] max6650_probe.cold+0x557/0x6aa drivers/hwmon/max6650.c:211
[] i2c_device_probe+0x472/0xac0 drivers/i2c/i2c-core-base.c:561

If device_register() fails, thermal_cooling_device_destroy_sysfs() needs to be called
to free the memory allocated in thermal_cooling_device_setup_sysfs().
Severity CVSS v4.0: Pending analysis
Last modification: 01/10/2025

CVE-2022-49469

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix anon_dev leak in create_subvol()

When btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or
btrfs_insert_root() fail in create_subvol(), we return without freeing
anon_dev. Reorganize the error handling in create_subvol() to fix this.
Severity CVSS v4.0: Pending analysis
Last modification: 22/10/2025

CVE-2022-49470

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event

We should not access skb buffer data anymore after hci_recv_frame was
called.

[ 39.634809] BUG: KASAN: use-after-free in btmtksdio_recv_event+0x1b0
[ 39.634855] Read of size 1 at addr ffffff80cf28a60d by task kworker
[ 39.634962] Call trace:
[ 39.634974] dump_backtrace+0x0/0x3b8
[ 39.634999] show_stack+0x20/0x2c
[ 39.635016] dump_stack_lvl+0x60/0x78
[ 39.635040] print_address_description+0x70/0x2f0
[ 39.635062] kasan_report+0x154/0x194
[ 39.635079] __asan_report_load1_noabort+0x44/0x50
[ 39.635099] btmtksdio_recv_event+0x1b0/0x1c4
[ 39.635129] btmtksdio_txrx_work+0x6cc/0xac4
[ 39.635157] process_one_work+0x560/0xc5c
[ 39.635177] worker_thread+0x7ec/0xcc0
[ 39.635195] kthread+0x2d0/0x3d0
[ 39.635215] ret_from_fork+0x10/0x20
[ 39.635247] Allocated by task 0:
[ 39.635260] (stack is not available)
[ 39.635281] Freed by task 2392:
[ 39.635295] kasan_save_stack+0x38/0x68
[ 39.635319] kasan_set_track+0x28/0x3c
[ 39.635338] kasan_set_free_info+0x28/0x4c
[ 39.635357] ____kasan_slab_free+0x104/0x150
[ 39.635374] __kasan_slab_free+0x18/0x28
[ 39.635391] slab_free_freelist_hook+0x114/0x248
[ 39.635410] kfree+0xf8/0x2b4
[ 39.635427] skb_free_head+0x58/0x98
[ 39.635447] skb_release_data+0x2f4/0x410
[ 39.635464] skb_release_all+0x50/0x60
[ 39.635481] kfree_skb+0xc8/0x25c
[ 39.635498] hci_event_packet+0x894/0xca4 [bluetooth]
[ 39.635721] hci_rx_work+0x1c8/0x68c [bluetooth]
[ 39.635925] process_one_work+0x560/0xc5c
[ 39.635951] worker_thread+0x7ec/0xcc0
[ 39.635970] kthread+0x2d0/0x3d0
[ 39.635990] ret_from_fork+0x10/0x20
[ 39.636021] The buggy address belongs to the object at ffffff80cf28a600
which belongs to the cache kmalloc-512 of size 512
[ 39.636039] The buggy address is located 13 bytes inside of
512-byte region [ffffff80cf28a600, ffffff80cf28a800)
Severity CVSS v4.0: Pending analysis
Last modification: 24/03/2025

CVE-2022-49471

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

rtw89: cfo: check mac_id to avoid out-of-bounds

Somehow, hardware reports incorrect mac_id and pollutes memory. Check index
before we access the array.

UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23
index 188 is out of range for type 's32 [64]'
CPU: 1 PID: 51550 Comm: irq/35-rtw89_pc Tainted: G OE
Call Trace:
show_stack+0x52/0x58
dump_stack_lvl+0x4c/0x63
dump_stack+0x10/0x12
ubsan_epilogue+0x9/0x45
__ubsan_handle_out_of_bounds.cold+0x44/0x49
? __alloc_skb+0x92/0x1d0
rtw89_phy_cfo_parse+0x44/0x7f [rtw89_core]
rtw89_core_rx+0x261/0x871 [rtw89_core]
? __alloc_skb+0xee/0x1d0
rtw89_pci_napi_poll+0x3fa/0x4ea [rtw89_pci]
__napi_poll+0x33/0x1a0
net_rx_action+0x126/0x260
? __queue_work+0x217/0x4c0
__do_softirq+0xd9/0x315
? disable_irq_nosync+0x10/0x10
do_softirq.part.0+0x6d/0x90
__local_bh_enable_ip+0x62/0x70
rtw89_pci_interrupt_threadfn+0x182/0x1a6 [rtw89_pci]
irq_thread_fn+0x28/0x60
irq_thread+0xc8/0x190
? irq_thread_fn+0x60/0x60
kthread+0x16b/0x190
? irq_thread_check_affinity+0xe0/0xe0
? set_kthread_struct+0x50/0x50
ret_from_fork+0x22/0x30
Severity CVSS v4.0: Pending analysis
Last modification: 01/10/2025

CVE-2022-49472

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

net: phy: micrel: Allow probing without .driver_data

Currently, if the .probe element is present in the phy_driver structure
and the .driver_data is not, a NULL pointer dereference happens.

Allow passing .probe without .driver_data by inserting NULL checks
for priv->type.
Severity CVSS v4.0: Pending analysis
Last modification: 01/10/2025

CVE-2022-49473

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*

of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when not needed anymore.
Add missing of_node_put() to avoid refcount leak.
Severity CVSS v4.0: Pending analysis
Last modification: 01/10/2025

CVE-2022-49474

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout

Connecting the same socket twice consecutively in sco_sock_connect()
could lead to a race condition where two sco_conn objects are created
but only one is associated with the socket. If the socket is closed
before the SCO connection is established, the timer associated with the
dangling sco_conn object won't be canceled. As the sock object is being
freed, the use-after-free problem happens when the timer callback
function sco_sock_timeout() accesses the socket. Here's the call trace:

dump_stack+0x107/0x163
? refcount_inc+0x1c/
print_address_description.constprop.0+0x1c/0x47e
? refcount_inc+0x1c/0x7b
kasan_report+0x13a/0x173
? refcount_inc+0x1c/0x7b
check_memory_region+0x132/0x139
refcount_inc+0x1c/0x7b
sco_sock_timeout+0xb2/0x1ba
process_one_work+0x739/0xbd1
? cancel_delayed_work+0x13f/0x13f
? __raw_spin_lock_init+0xf0/0xf0
? to_kthread+0x59/0x85
worker_thread+0x593/0x70e
kthread+0x346/0x35a
? drain_workqueue+0x31a/0x31a
? kthread_bind+0x4b/0x4b
ret_from_fork+0x1f/0x30
Severity CVSS v4.0: Pending analysis
Last modification: 24/03/2025

CVE-2022-49475

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()

It will cause null-ptr-deref if platform_get_resource_byname() returns NULL,
we need to check the return value.
Severity CVSS v4.0: Pending analysis
Last modification: 01/10/2025

CVE-2022-49476

Publication date: 26/02/2025
In the Linux kernel, the following vulnerability has been resolved:

mt76: mt7921: fix kernel crash at mt7921_pci_remove

The crash log shows it is possible that mt7921_irq_handler is called while
devm_free_irq is being handled so mt76_free_device needs to be postponed
until devm_free_irq is completed to solve the crash we free the mt76 device
too early.

[ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 9299.339705] #PF: supervisor read access in kernel mode
[ 9299.339735] #PF: error_code(0x0000) - not-present page
[ 9299.339768] PGD 0 P4D 0
[ 9299.339786] Oops: 0000 [#1] SMP PTI
[ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1
[ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022
[ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e]
[ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082
[ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5
[ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020
[ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011
[ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080
[ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228
[ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000
[ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0
[ 9299.340432] PKRU: 55555554
[ 9299.340449] Call Trace:
[ 9299.340467]
[ 9299.340485] __free_irq+0x221/0x350
[ 9299.340527] free_irq+0x30/0x70
[ 9299.340553] devm_free_irq+0x55/0x80
[ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e]
[ 9299.340616] pci_device_remove+0x3b/0xa0
[ 9299.340651] __device_release_driver+0x17a/0x240
[ 9299.340686] device_driver_detach+0x3c/0xa0
[ 9299.340714] unbind_store+0x113/0x130
[ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0
[ 9299.340775] new_sync_write+0x15c/0x1f0
[ 9299.340806] vfs_write+0x1d2/0x270
[ 9299.340831] ksys_write+0x67/0xe0
[ 9299.340857] do_syscall_64+0x3b/0x90
[ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae
Severity CVSS v4.0: Pending analysis
Last modification: 01/10/2025