Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-52844
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: vidtv: psi: Add check for kstrdup<br /> <br /> Add check for the return value of kstrdup() and return the error<br /> if it fails in order to avoid NULL pointer dereference.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2023-52845
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING<br /> <br /> syzbot reported the following uninit-value access issue [1]:<br /> <br /> =====================================================<br /> BUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline]<br /> BUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756<br /> strlen lib/string.c:418 [inline]<br /> strstr+0xb8/0x2f0 lib/string.c:756<br /> tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595<br /> genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline]<br /> genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]<br /> genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066<br /> netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545<br /> genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075<br /> netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]<br /> netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368<br /> netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910<br /> sock_sendmsg_nosec net/socket.c:730 [inline]<br /> sock_sendmsg net/socket.c:753 [inline]<br /> ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541<br /> ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595<br /> __sys_sendmsg net/socket.c:2624 [inline]<br /> __do_sys_sendmsg net/socket.c:2633 [inline]<br /> __se_sys_sendmsg net/socket.c:2631 [inline]<br /> __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631<br /> do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br /> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> Uninit was created at:<br /> slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767<br /> slab_alloc_node mm/slub.c:3478 [inline]<br /> kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523<br /> kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559<br /> __alloc_skb+0x318/0x740 net/core/skbuff.c:650<br /> alloc_skb include/linux/skbuff.h:1286 [inline]<br /> netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline]<br /> netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885<br /> sock_sendmsg_nosec net/socket.c:730 [inline]<br /> sock_sendmsg net/socket.c:753 [inline]<br /> ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541<br /> ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595<br /> __sys_sendmsg net/socket.c:2624 [inline]<br /> __do_sys_sendmsg net/socket.c:2633 [inline]<br /> __se_sys_sendmsg net/socket.c:2631 [inline]<br /> __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631<br /> do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br /> do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> TIPC bearer-related names including link names must be null-terminated<br /> strings. If a link name which is not null-terminated is passed through<br /> netlink, strstr() and similar functions can cause buffer overrun. This<br /> causes the above issue.<br /> <br /> This patch changes the nla_policy for bearer-related names from NLA_STRING<br /> to NLA_NUL_STRING. This resolves the issue by ensuring that only<br /> null-terminated strings are accepted as bearer-related names.<br /> <br /> syzbot reported similar uninit-value issue related to bearer names [2]. The<br /> root cause of this issue is that a non-null-terminated bearer name was<br /> passed. This patch also resolved this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2023-52846
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hsr: Prevent use after free in prp_create_tagged_frame()<br /> <br /> The prp_fill_rct() function can fail. In that situation, it frees the<br /> skb and returns NULL. Meanwhile on the success path, it returns the<br /> original skb. So it&amp;#39;s straight forward to fix bug by using the returned<br /> value.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2024

CVE-2023-52847
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: bttv: fix use after free error due to btv-&gt;timeout timer<br /> <br /> There may be some a race condition between timer function<br /> bttv_irq_timeout and bttv_remove. The timer is setup in<br /> probe and there is no timer_delete operation in remove<br /> function. When it hit kfree btv, the function might still be<br /> invoked, which will cause use after free bug.<br /> <br /> This bug is found by static analysis, it may be false positive.<br /> <br /> Fix it by adding del_timer_sync invoking to the remove function.<br /> <br /> cpu0 cpu1<br /> bttv_probe<br /> -&gt;timer_setup<br /> -&gt;bttv_set_dma<br /> -&gt;mod_timer;<br /> bttv_remove<br /> -&gt;kfree(btv);<br /> -&gt;bttv_irq_timeout<br /> -&gt;USE btv
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2024

CVE-2023-52848
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix to drop meta_inode&amp;#39;s page cache in f2fs_put_super()<br /> <br /> syzbot reports a kernel bug as below:<br /> <br /> F2FS-fs (loop1): detect filesystem reference count leak during umount, type: 10, count: 1<br /> kernel BUG at fs/f2fs/super.c:1639!<br /> CPU: 0 PID: 15451 Comm: syz-executor.1 Not tainted 6.5.0-syzkaller-09338-ge0152e7481c6 #0<br /> RIP: 0010:f2fs_put_super+0xce1/0xed0 fs/f2fs/super.c:1639<br /> Call Trace:<br /> generic_shutdown_super+0x161/0x3c0 fs/super.c:693<br /> kill_block_super+0x3b/0x70 fs/super.c:1646<br /> kill_f2fs_super+0x2b7/0x3d0 fs/f2fs/super.c:4879<br /> deactivate_locked_super+0x9a/0x170 fs/super.c:481<br /> deactivate_super+0xde/0x100 fs/super.c:514<br /> cleanup_mnt+0x222/0x3d0 fs/namespace.c:1254<br /> task_work_run+0x14d/0x240 kernel/task_work.c:179<br /> resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]<br /> exit_to_user_mode_loop kernel/entry/common.c:171 [inline]<br /> exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204<br /> __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]<br /> syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296<br /> do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> In f2fs_put_super(), it tries to do sanity check on dirty and IO<br /> reference count of f2fs, once there is any reference count leak,<br /> it will trigger panic.<br /> <br /> The root case is, during f2fs_put_super(), if there is any IO error<br /> in f2fs_wait_on_all_pages(), we missed to truncate meta_inode&amp;#39;s page<br /> cache later, result in panic, fix this case.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2024

CVE-2023-52821
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/panel: fix a possible null pointer dereference<br /> <br /> In versatile_panel_get_modes(), the return value of drm_mode_duplicate()<br /> is assigned to mode, which will lead to a NULL pointer dereference<br /> on failure of drm_mode_duplicate(). Add a check to avoid npd.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2024

CVE-2023-52822
Publication date:
21/05/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2024

CVE-2023-52823
Publication date:
21/05/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2024

CVE-2023-52824
Publication date:
21/05/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2024

CVE-2023-52825
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdkfd: Fix a race condition of vram buffer unref in svm code<br /> <br /> prange-&gt;svm_bo unref can happen in both mmu callback and a callback after<br /> migrate to system ram. Both are async call in different tasks. Sync svm_bo<br /> unref operation to avoid random "use-after-free".
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2023-52826
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference<br /> <br /> In tpg110_get_modes(), the return value of drm_mode_duplicate() is<br /> assigned to mode, which will lead to a NULL pointer dereference on<br /> failure of drm_mode_duplicate(). Add a check to avoid npd.
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2024

CVE-2023-52827
Publication date:
21/05/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()<br /> <br /> len is extracted from HTT message and could be an unexpected value in<br /> case errors happen, so add validation before using to avoid possible<br /> out-of-bound read in the following message iteration and parsing.<br /> <br /> The same issue also applies to ppdu_info-&gt;ppdu_stats.common.num_users,<br /> so validate it before using too.<br /> <br /> These are found during code review.<br /> <br /> Compile test only.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2024
Subscribe to Vulnerabilities