Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-21797
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> HID: corsair-void: Add missing delayed work cancel for headset status<br /> <br /> The cancel_delayed_work_sync() call was missed, causing a use-after-free<br /> in corsair_void_remove().
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2025-21795
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> NFSD: fix hang in nfsd4_shutdown_callback<br /> <br /> If nfs4_client is in courtesy state then there is no point to send<br /> the callback. This causes nfsd4_shutdown_callback to hang since<br /> cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP<br /> notifies NFSD that the connection was dropped.<br /> <br /> This patch modifies nfsd4_run_cb_work to skip the RPC call if<br /> nfs4_client is in courtesy state.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2025-21792
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt<br /> <br /> If an AX25 device is bound to a socket by setting the SO_BINDTODEVICE<br /> socket option, a refcount leak will occur in ax25_release().<br /> <br /> Commit 9fd75b66b8f6 ("ax25: Fix refcount leaks caused by ax25_cb_del()")<br /> added decrement of device refcounts in ax25_release(). In order for that<br /> to work correctly the refcounts must already be incremented when the<br /> device is bound to the socket. An AX25 device can be bound to a socket<br /> by either calling ax25_bind() or setting SO_BINDTODEVICE socket option.<br /> In both cases the refcounts should be incremented, but in fact it is done<br /> only in ax25_bind().<br /> <br /> This bug leads to the following issue reported by Syzkaller:<br /> <br /> ================================================================<br /> refcount_t: decrement hit 0; leaking memory.<br /> WARNING: CPU: 1 PID: 5932 at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31<br /> Modules linked in:<br /> CPU: 1 UID: 0 PID: 5932 Comm: syz-executor424 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014<br /> RIP: 0010:refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31<br /> Call Trace:<br /> <br /> __refcount_dec include/linux/refcount.h:336 [inline]<br /> refcount_dec include/linux/refcount.h:351 [inline]<br /> ref_tracker_free+0x710/0x820 lib/ref_tracker.c:236<br /> netdev_tracker_free include/linux/netdevice.h:4156 [inline]<br /> netdev_put include/linux/netdevice.h:4173 [inline]<br /> netdev_put include/linux/netdevice.h:4169 [inline]<br /> ax25_release+0x33f/0xa10 net/ax25/af_ax25.c:1069<br /> __sock_release+0xb0/0x270 net/socket.c:640<br /> sock_close+0x1c/0x30 net/socket.c:1408<br /> ...<br /> do_syscall_x64 arch/x86/entry/common.c:52 [inline]<br /> do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> ...<br /> <br /> ================================================================<br /> <br /> Fix the implementation of ax25_setsockopt() by adding increment of<br /> refcounts for the new device bound, and decrement of refcounts for<br /> the old unbound device.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2025-21793
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: sn-f-ospi: Fix division by zero<br /> <br /> When there is no dummy cycle in the spi-nor commands, both dummy bus cycle<br /> bytes and width are zero. Because of the cpu&amp;#39;s warning when divided by<br /> zero, the warning should be avoided. Return just zero to avoid such<br /> calculations.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2025-21794
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()<br /> <br /> Syzbot[1] has detected a stack-out-of-bounds read of the ep_addr array from<br /> hid-thrustmaster driver. This array is passed to usb_check_int_endpoints<br /> function from usb.c core driver, which executes a for loop that iterates<br /> over the elements of the passed array. Not finding a null element at the end of<br /> the array, it tries to read the next, non-existent element, crashing the kernel.<br /> <br /> To fix this, a 0 element was added at the end of the array to break the for<br /> loop.<br /> <br /> [1] https://syzkaller.appspot.com/bug?extid=9c9179ac46169c56c1ad
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2025-21786
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> workqueue: Put the pwq after detaching the rescuer from the pool<br /> <br /> The commit 68f83057b913("workqueue: Reap workers via kthread_stop() and<br /> remove detach_completion") adds code to reap the normal workers but<br /> mistakenly does not handle the rescuer and also removes the code waiting<br /> for the rescuer in put_unbound_pool(), which caused a use-after-free bug<br /> reported by Cheung Wall.<br /> <br /> To avoid the use-after-free bug, the pool’s reference must be held until<br /> the detachment is complete. Therefore, move the code that puts the pwq<br /> after detaching the rescuer from the pool.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025

CVE-2025-21791
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> vrf: use RCU protection in l3mdev_l3_out()<br /> <br /> l3mdev_l3_out() can be called without RCU being held:<br /> <br /> raw_sendmsg()<br /> ip_push_pending_frames()<br /> ip_send_skb()<br /> ip_local_out()<br /> __ip_local_out()<br /> l3mdev_ip_out()<br /> <br /> Add rcu_read_lock() / rcu_read_unlock() pair to avoid<br /> a potential UAF.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2025-21782
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> orangefs: fix a oob in orangefs_debug_write<br /> <br /> I got a syzbot report: slab-out-of-bounds Read in<br /> orangefs_debug_write... several people suggested fixes,<br /> I tested Al Viro&amp;#39;s suggestion and made this patch.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2025-21785
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array<br /> <br /> The loop that detects/populates cache information already has a bounds<br /> check on the array size but does not account for cache levels with<br /> separate data/instructions cache. Fix this by incrementing the index<br /> for any populated leaf (instead of any populated level).
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2025-21787
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> team: better TEAM_OPTION_TYPE_STRING validation<br /> <br /> syzbot reported following splat [1]<br /> <br /> Make sure user-provided data contains one nul byte.<br /> <br /> [1]<br /> BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline]<br /> BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714<br /> string_nocheck lib/vsprintf.c:633 [inline]<br /> string+0x3ec/0x5f0 lib/vsprintf.c:714<br /> vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843<br /> __request_module+0x252/0x9f0 kernel/module/kmod.c:149<br /> team_mode_get drivers/net/team/team_core.c:480 [inline]<br /> team_change_mode drivers/net/team/team_core.c:607 [inline]<br /> team_mode_option_set+0x437/0x970 drivers/net/team/team_core.c:1401<br /> team_option_set drivers/net/team/team_core.c:375 [inline]<br /> team_nl_options_set_doit+0x1339/0x1f90 drivers/net/team/team_core.c:2662<br /> genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]<br /> genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]<br /> genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210<br /> netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2543<br /> genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219<br /> netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]<br /> netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1348<br /> netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1892<br /> sock_sendmsg_nosec net/socket.c:718 [inline]<br /> __sock_sendmsg+0x30f/0x380 net/socket.c:733<br /> ____sys_sendmsg+0x877/0xb60 net/socket.c:2573<br /> ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2627<br /> __sys_sendmsg net/socket.c:2659 [inline]<br /> __do_sys_sendmsg net/socket.c:2664 [inline]<br /> __se_sys_sendmsg net/socket.c:2662 [inline]<br /> __x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2662<br /> x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47<br /> do_syscall_x64 arch/x86/entry/common.c:52 [inline]<br /> do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2025-21783
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> gpiolib: Fix crash on error in gpiochip_get_ngpios()<br /> <br /> The gpiochip_get_ngpios() uses chip_*() macros to print messages.<br /> However these macros rely on gpiodev to be initialised and set,<br /> which is not the case when called via bgpio_init(). In such a case<br /> the printing messages will crash on NULL pointer dereference.<br /> Replace chip_*() macros by the respective dev_*() ones to avoid<br /> such crash.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2025-21784
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()<br /> <br /> In function psp_init_cap_microcode(), it should bail out when failed to<br /> load firmware, otherwise it may cause invalid memory access.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025
Subscribe to Vulnerabilities