Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-21770
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu: Fix potential memory leak in iopf_queue_remove_device()<br /> <br /> The iopf_queue_remove_device() helper removes a device from the per-iommu<br /> iopf queue when PRI is disabled on the device. It responds to all<br /> outstanding iopf&amp;#39;s with an IOMMU_PAGE_RESP_INVALID code and detaches the<br /> device from the queue.<br /> <br /> However, it fails to release the group structure that represents a group<br /> of iopf&amp;#39;s awaiting for a response after responding to the hardware. This<br /> can cause a memory leak if iopf_queue_remove_device() is called with<br /> pending iopf&amp;#39;s.<br /> <br /> Fix it by calling iopf_free_group() after the iopf group is responded.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2025-21773
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> can: etas_es58x: fix potential NULL pointer dereference on udev-&gt;serial<br /> <br /> The driver assumed that es58x_dev-&gt;udev-&gt;serial could never be NULL.<br /> While this is true on commercially available devices, an attacker<br /> could spoof the device identity providing a NULL USB serial number.<br /> That would trigger a NULL pointer dereference.<br /> <br /> Add a check on es58x_dev-&gt;udev-&gt;serial before accessing it.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2025-21763
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> neighbour: use RCU protection in __neigh_notify()<br /> <br /> __neigh_notify() can be called without RTNL or RCU protection.<br /> <br /> Use RCU protection to avoid potential UAF.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025

CVE-2025-21762
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> arp: use RCU protection in arp_xmit()<br /> <br /> arp_xmit() can be called without RTNL or RCU protection.<br /> <br /> Use RCU protection to avoid potential UAF.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025

CVE-2025-21759
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipv6: mcast: extend RCU protection in igmp6_send()<br /> <br /> igmp6_send() can be called without RTNL or RCU being held.<br /> <br /> Extend RCU protection so that we can safely fetch the net pointer<br /> and avoid a potential UAF.<br /> <br /> Note that we no longer can use sock_alloc_send_skb() because<br /> ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.<br /> <br /> Instead use alloc_skb() and charge the net-&gt;ipv6.igmp_sk<br /> socket under RCU protection.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2025

CVE-2025-21760
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ndisc: extend RCU protection in ndisc_send_skb()<br /> <br /> ndisc_send_skb() can be called without RTNL or RCU held.<br /> <br /> Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu()<br /> and avoid a potential UAF.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2025

CVE-2025-21761
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> openvswitch: use RCU protection in ovs_vport_cmd_fill_info()<br /> <br /> ovs_vport_cmd_fill_info() can be called without RTNL or RCU.<br /> <br /> Use RCU protection and dev_net_rcu() to avoid potential UAF.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2025

CVE-2025-21757
Publication date:
27/02/2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2025-21755
Publication date:
27/02/2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2025-21758
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipv6: mcast: add RCU protection to mld_newpack()<br /> <br /> mld_newpack() can be called without RTNL or RCU being held.<br /> <br /> Note that we no longer can use sock_alloc_send_skb() because<br /> ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.<br /> <br /> Instead use alloc_skb() and charge the net-&gt;ipv6.igmp_sk<br /> socket under RCU protection.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2025-21754
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: fix assertion failure when splitting ordered extent after transaction abort<br /> <br /> If while we are doing a direct IO write a transaction abort happens, we<br /> mark all existing ordered extents with the BTRFS_ORDERED_IOERR flag (done<br /> at btrfs_destroy_ordered_extents()), and then after that if we enter<br /> btrfs_split_ordered_extent() and the ordered extent has bytes left<br /> (meaning we have a bio that doesn&amp;#39;t cover the whole ordered extent, see<br /> details at btrfs_extract_ordered_extent()), we will fail on the following<br /> assertion at btrfs_split_ordered_extent():<br /> <br /> ASSERT(!(flags &amp; ~BTRFS_ORDERED_TYPE_FLAGS));<br /> <br /> because the BTRFS_ORDERED_IOERR flag is set and the definition of<br /> BTRFS_ORDERED_TYPE_FLAGS is just the union of all flags that identify the<br /> type of write (regular, nocow, prealloc, compressed, direct IO, encoded).<br /> <br /> Fix this by returning an error from btrfs_extract_ordered_extent() if we<br /> find the BTRFS_ORDERED_IOERR flag in the ordered extent. The error will<br /> be the error that resulted in the transaction abort or -EIO if no<br /> transaction abort happened.<br /> <br /> This was recently reported by syzbot with the following trace:<br /> <br /> FAULT_INJECTION: forcing a failure.<br /> name failslab, interval 1, probability 0, space 0, times 1<br /> CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller #0<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014<br /> Call Trace:<br /> <br /> __dump_stack lib/dump_stack.c:94 [inline]<br /> dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120<br /> fail_dump lib/fault-inject.c:53 [inline]<br /> should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154<br /> should_failslab+0xac/0x100 mm/failslab.c:46<br /> slab_pre_alloc_hook mm/slub.c:4072 [inline]<br /> slab_alloc_node mm/slub.c:4148 [inline]<br /> __do_kmalloc_node mm/slub.c:4297 [inline]<br /> __kmalloc_noprof+0xdd/0x4c0 mm/slub.c:4310<br /> kmalloc_noprof include/linux/slab.h:905 [inline]<br /> kzalloc_noprof include/linux/slab.h:1037 [inline]<br /> btrfs_chunk_alloc_add_chunk_item+0x244/0x1100 fs/btrfs/volumes.c:5742<br /> reserve_chunk_space+0x1ca/0x2c0 fs/btrfs/block-group.c:4292<br /> check_system_chunk fs/btrfs/block-group.c:4319 [inline]<br /> do_chunk_alloc fs/btrfs/block-group.c:3891 [inline]<br /> btrfs_chunk_alloc+0x77b/0xf80 fs/btrfs/block-group.c:4187<br /> find_free_extent_update_loop fs/btrfs/extent-tree.c:4166 [inline]<br /> find_free_extent+0x42d1/0x5810 fs/btrfs/extent-tree.c:4579<br /> btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4672<br /> btrfs_new_extent_direct fs/btrfs/direct-io.c:186 [inline]<br /> btrfs_get_blocks_direct_write+0x706/0xfa0 fs/btrfs/direct-io.c:321<br /> btrfs_dio_iomap_begin+0xbb7/0x1180 fs/btrfs/direct-io.c:525<br /> iomap_iter+0x697/0xf60 fs/iomap/iter.c:90<br /> __iomap_dio_rw+0xeb9/0x25b0 fs/iomap/direct-io.c:702<br /> btrfs_dio_write fs/btrfs/direct-io.c:775 [inline]<br /> btrfs_direct_write+0x610/0xa30 fs/btrfs/direct-io.c:880<br /> btrfs_do_write_iter+0x2a0/0x760 fs/btrfs/file.c:1397<br /> do_iter_readv_writev+0x600/0x880<br /> vfs_writev+0x376/0xba0 fs/read_write.c:1050<br /> do_pwritev fs/read_write.c:1146 [inline]<br /> __do_sys_pwritev2 fs/read_write.c:1204 [inline]<br /> __se_sys_pwritev2+0x196/0x2b0 fs/read_write.c:1195<br /> do_syscall_x64 arch/x86/entry/common.c:52 [inline]<br /> do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> RIP: 0033:0x7f1281f85d29<br /> RSP: 002b:00007f12819fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148<br /> RAX: ffffffffffffffda RBX: 00007f1282176080 RCX: 00007f1281f85d29<br /> RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005<br /> RBP: 00007f12819fe090 R08: 0000000000000000 R09: 0000000000000003<br /> R10: 0000000000007000 R11: 0000000000000246 R12: 0000000000000002<br /> R13: 0000000000000000 R14: 00007f1282176080 R15: 00007ffcb9e23328<br /> <br /> BTRFS error (device loop0 state A): Transaction aborted (error -12)<br /> BTRFS: error (device loop0 state A<br /> ---truncated---
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2025-21756
Publication date:
27/02/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> vsock: Keep the binding until socket destruction<br /> <br /> Preserve sockets bindings; this includes both resulting from an explicit<br /> bind() and those implicitly bound through autobind during connect().<br /> <br /> Prevents socket unbinding during a transport reassignment, which fixes a<br /> use-after-free:<br /> <br /> 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2)<br /> 2. transport-&gt;release() calls vsock_remove_bound() without checking if<br /> sk was bound and moved to bound list (refcnt=1)<br /> 3. vsock_bind() assumes sk is in unbound list and before<br /> __vsock_insert_bound(vsock_bound_sockets()) calls<br /> __vsock_remove_bound() which does:<br /> list_del_init(&amp;vsk-&gt;bound_table); // nop<br /> sock_put(&amp;vsk-&gt;sk); // refcnt=0<br /> <br /> BUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730<br /> Read of size 4 at addr ffff88816b46a74c by task a.out/2057<br /> dump_stack_lvl+0x68/0x90<br /> print_report+0x174/0x4f6<br /> kasan_report+0xb9/0x190<br /> __vsock_bind+0x62e/0x730<br /> vsock_bind+0x97/0xe0<br /> __sys_bind+0x154/0x1f0<br /> __x64_sys_bind+0x6e/0xb0<br /> do_syscall_64+0x93/0x1b0<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> <br /> Allocated by task 2057:<br /> kasan_save_stack+0x1e/0x40<br /> kasan_save_track+0x10/0x30<br /> __kasan_slab_alloc+0x85/0x90<br /> kmem_cache_alloc_noprof+0x131/0x450<br /> sk_prot_alloc+0x5b/0x220<br /> sk_alloc+0x2c/0x870<br /> __vsock_create.constprop.0+0x2e/0xb60<br /> vsock_create+0xe4/0x420<br /> __sock_create+0x241/0x650<br /> __sys_socket+0xf2/0x1a0<br /> __x64_sys_socket+0x6e/0xb0<br /> do_syscall_64+0x93/0x1b0<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> <br /> Freed by task 2057:<br /> kasan_save_stack+0x1e/0x40<br /> kasan_save_track+0x10/0x30<br /> kasan_save_free_info+0x37/0x60<br /> __kasan_slab_free+0x4b/0x70<br /> kmem_cache_free+0x1a1/0x590<br /> __sk_destruct+0x388/0x5a0<br /> __vsock_bind+0x5e1/0x730<br /> vsock_bind+0x97/0xe0<br /> __sys_bind+0x154/0x1f0<br /> __x64_sys_bind+0x6e/0xb0<br /> do_syscall_64+0x93/0x1b0<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> <br /> refcount_t: addition on 0; use-after-free.<br /> WARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150<br /> RIP: 0010:refcount_warn_saturate+0xce/0x150<br /> __vsock_bind+0x66d/0x730<br /> vsock_bind+0x97/0xe0<br /> __sys_bind+0x154/0x1f0<br /> __x64_sys_bind+0x6e/0xb0<br /> do_syscall_64+0x93/0x1b0<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> <br /> refcount_t: underflow; use-after-free.<br /> WARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150<br /> RIP: 0010:refcount_warn_saturate+0xee/0x150<br /> vsock_remove_bound+0x187/0x1e0<br /> __vsock_release+0x383/0x4a0<br /> vsock_release+0x90/0x120<br /> __sock_release+0xa3/0x250<br /> sock_close+0x14/0x20<br /> __fput+0x359/0xa80<br /> task_work_run+0x107/0x1d0<br /> do_exit+0x847/0x2560<br /> do_group_exit+0xb8/0x250<br /> __x64_sys_exit_group+0x3a/0x50<br /> x64_sys_call+0xfec/0x14f0<br /> do_syscall_64+0x93/0x1b0<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025
Subscribe to Vulnerabilities