Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-43217
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: iris: gen2: Add sanity check for session stop<br /> <br /> In iris_kill_session, inst-&gt;state is set to IRIS_INST_ERROR and<br /> session_close is executed, which will kfree(inst_hfi_gen2-&gt;packet).<br /> If stop_streaming is called afterward, it will cause a crash.<br /> <br /> Add a NULL check for inst_hfi_gen2-&gt;packet before sendling STOP packet<br /> to firmware to fix that.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43218
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: i2c/tw9903: Fix potential memory leak in tw9903_probe()<br /> <br /> In one of the error paths in tw9903_probe(), the memory allocated in<br /> v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that<br /> by calling v4l2_ctrl_handler_free() on the handler in that error path.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43219
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: cpsw_new: Fix potential unregister of netdev that has not been registered yet<br /> <br /> If an error occurs during register_netdev() for the first MAC in<br /> cpsw_register_ports(), even though cpsw-&gt;slaves[0].ndev is set to NULL,<br /> cpsw-&gt;slaves[1].ndev would remain unchanged. This could later cause<br /> cpsw_unregister_ports() to attempt unregistering the second MAC.<br /> To address this, add a check for ndev-&gt;reg_state before calling<br /> unregister_netdev(). With this change, setting cpsw-&gt;slaves[i].ndev<br /> to NULL becomes unnecessary and can be removed accordingly.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43220
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/amd: serialize sequence allocation under concurrent TLB invalidations<br /> <br /> With concurrent TLB invalidations, completion wait randomly gets timed out<br /> because cmd_sem_val was incremented outside the IOMMU spinlock, allowing<br /> CMD_COMPL_WAIT commands to be queued out of sequence and breaking the<br /> ordering assumption in wait_on_sem().<br /> Move the cmd_sem_val increment under iommu-&gt;lock so completion sequence<br /> allocation is serialized with command queuing.<br /> And remove the unnecessary return.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43221
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipmi: ipmb: initialise event handler read bytes<br /> <br /> IPMB doesn&amp;#39;t use i2c reads, but the handler needs to set a value.<br /> Otherwise an i2c read will return an uninitialised value from the bus<br /> driver.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43215
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cifs: Fix locking usage for tcon fields<br /> <br /> We used to use the cifs_tcp_ses_lock to protect a lot of objects<br /> that are not just the server, ses or tcon lists. We later introduced<br /> srv_lock, ses_lock and tc_lock to protect fields within the<br /> corresponding structs. This was done to provide a more granular<br /> protection and avoid unnecessary serialization.<br /> <br /> There were still a couple of uses of cifs_tcp_ses_lock to provide<br /> tcon fields. In this patch, I&amp;#39;ve replaced them with tc_lock.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-43222
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: verisilicon: AV1: Fix tile info buffer size<br /> <br /> Each tile info is composed of: row_sb, col_sb, start_pos<br /> and end_pos (4 bytes each). So the total required memory<br /> is AV1_MAX_TILES * 16 bytes.<br /> Use the correct #define to allocate the buffer and avoid<br /> writing tile info in non-allocated memory.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-43209
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> minix: Add required sanity checking to minix_check_superblock()<br /> <br /> The fs/minix implementation of the minix filesystem does not currently<br /> support any other value for s_log_zone_size than 0. This is also the<br /> only value supported in util-linux; see mkfs.minix.c line 511. In<br /> addition, this patch adds some sanity checking for the other minix<br /> superblock fields, and moves the minix_blocks_needed() checks for the<br /> zmap and imap also to minix_check_super_block().<br /> <br /> This also closes a related syzbot bug report.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43210
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tracing: ring-buffer: Fix to check event length before using<br /> <br /> Check the event length before adding it for accessing next index in<br /> rb_read_data_buffer(). Since this function is used for validating<br /> possibly broken ring buffers, the length of the event could be broken.<br /> In that case, the new event (e + len) can point a wrong address.<br /> To avoid invalid memory access at boot, check whether the length of<br /> each event is in the possible range before using it.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43207
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: mtk-mdp: Fix error handling in probe function<br /> <br /> Add mtk_mdp_unregister_m2m_device() on the error handling path to prevent<br /> resource leak.<br /> <br /> Add check for the return value of vpu_get_plat_device() to prevent null<br /> pointer dereference. And vpu_get_plat_device() increases the reference<br /> count of the returned platform device. Add platform_device_put() to<br /> prevent reference leak.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-43208
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: do not pass flow_id to set_rps_cpu()<br /> <br /> Blamed commit made the assumption that the RPS table for each receive<br /> queue would have the same size, and that it would not change.<br /> <br /> Compute flow_id in set_rps_cpu(), do not assume we can use the value<br /> computed by get_rps_cpu(). Otherwise we risk out-of-bound access<br /> and/or crashes.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-43211
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> PCI: Fix pci_slot_trylock() error handling<br /> <br /> Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")<br /> delegates the bridge device&amp;#39;s pci_dev_trylock() to pci_bus_trylock() in<br /> pci_slot_trylock(), but it forgets to remove the corresponding<br /> pci_dev_unlock() when pci_bus_trylock() fails.<br /> <br /> Before a4e772898f8b, the code did:<br /> <br /> if (!pci_dev_trylock(dev)) /* subordinate) {<br /> if (!pci_bus_trylock(dev-&gt;subordinate)) {<br /> pci_dev_unlock(dev); /*
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026
Subscribe to Vulnerabilities