Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-43230
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/rds: Clear reconnect pending bit<br /> <br /> When canceling the reconnect worker, care must be taken to reset the<br /> reconnect-pending bit. If the reconnect worker has not yet been<br /> scheduled before it is canceled, the reconnect-pending bit will stay<br /> on forever.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-43225
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> staging: rtl8723bs: fix memory leak on failure path<br /> <br /> cfg80211_inform_bss_frame() may return NULL on failure. In that case,<br /> the allocated buffer &amp;#39;buf&amp;#39; is not freed and the function returns early,<br /> leading to potential memory leak.<br /> Fix this by ensuring that &amp;#39;buf&amp;#39; is freed on both success and failure paths.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-43216
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: Drop the lock in skb_may_tx_timestamp()<br /> <br /> skb_may_tx_timestamp() may acquire sock::sk_callback_lock. The lock must<br /> not be taken in IRQ context, only softirq is okay. A few drivers receive<br /> the timestamp via a dedicated interrupt and complete the TX timestamp<br /> from that handler. This will lead to a deadlock if the lock is already<br /> write-locked on the same CPU.<br /> <br /> Taking the lock can be avoided. The socket (pointed by the skb) will<br /> remain valid until the skb is released. The -&gt;sk_socket and -&gt;file<br /> member will be set to NULL once the user closes the socket which may<br /> happen before the timestamp arrives.<br /> If we happen to observe the pointer while the socket is closing but<br /> before the pointer is set to NULL then we may use it because both<br /> pointer (and the file&amp;#39;s cred member) are RCU freed.<br /> <br /> Drop the lock. Use READ_ONCE() to obtain the individual pointer. Add a<br /> matching WRITE_ONCE() where the pointer are cleared.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43217
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: iris: gen2: Add sanity check for session stop<br /> <br /> In iris_kill_session, inst-&gt;state is set to IRIS_INST_ERROR and<br /> session_close is executed, which will kfree(inst_hfi_gen2-&gt;packet).<br /> If stop_streaming is called afterward, it will cause a crash.<br /> <br /> Add a NULL check for inst_hfi_gen2-&gt;packet before sendling STOP packet<br /> to firmware to fix that.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43218
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: i2c/tw9903: Fix potential memory leak in tw9903_probe()<br /> <br /> In one of the error paths in tw9903_probe(), the memory allocated in<br /> v4l2_ctrl_handler_init() and v4l2_ctrl_new_std() is not freed. Fix that<br /> by calling v4l2_ctrl_handler_free() on the handler in that error path.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43219
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: cpsw_new: Fix potential unregister of netdev that has not been registered yet<br /> <br /> If an error occurs during register_netdev() for the first MAC in<br /> cpsw_register_ports(), even though cpsw-&gt;slaves[0].ndev is set to NULL,<br /> cpsw-&gt;slaves[1].ndev would remain unchanged. This could later cause<br /> cpsw_unregister_ports() to attempt unregistering the second MAC.<br /> To address this, add a check for ndev-&gt;reg_state before calling<br /> unregister_netdev(). With this change, setting cpsw-&gt;slaves[i].ndev<br /> to NULL becomes unnecessary and can be removed accordingly.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43220
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/amd: serialize sequence allocation under concurrent TLB invalidations<br /> <br /> With concurrent TLB invalidations, completion wait randomly gets timed out<br /> because cmd_sem_val was incremented outside the IOMMU spinlock, allowing<br /> CMD_COMPL_WAIT commands to be queued out of sequence and breaking the<br /> ordering assumption in wait_on_sem().<br /> Move the cmd_sem_val increment under iommu-&gt;lock so completion sequence<br /> allocation is serialized with command queuing.<br /> And remove the unnecessary return.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43221
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipmi: ipmb: initialise event handler read bytes<br /> <br /> IPMB doesn&amp;#39;t use i2c reads, but the handler needs to set a value.<br /> Otherwise an i2c read will return an uninitialised value from the bus<br /> driver.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43215
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cifs: Fix locking usage for tcon fields<br /> <br /> We used to use the cifs_tcp_ses_lock to protect a lot of objects<br /> that are not just the server, ses or tcon lists. We later introduced<br /> srv_lock, ses_lock and tc_lock to protect fields within the<br /> corresponding structs. This was done to provide a more granular<br /> protection and avoid unnecessary serialization.<br /> <br /> There were still a couple of uses of cifs_tcp_ses_lock to provide<br /> tcon fields. In this patch, I&amp;#39;ve replaced them with tc_lock.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-43222
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: verisilicon: AV1: Fix tile info buffer size<br /> <br /> Each tile info is composed of: row_sb, col_sb, start_pos<br /> and end_pos (4 bytes each). So the total required memory<br /> is AV1_MAX_TILES * 16 bytes.<br /> Use the correct #define to allocate the buffer and avoid<br /> writing tile info in non-allocated memory.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-43209
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> minix: Add required sanity checking to minix_check_superblock()<br /> <br /> The fs/minix implementation of the minix filesystem does not currently<br /> support any other value for s_log_zone_size than 0. This is also the<br /> only value supported in util-linux; see mkfs.minix.c line 511. In<br /> addition, this patch adds some sanity checking for the other minix<br /> superblock fields, and moves the minix_blocks_needed() checks for the<br /> zmap and imap also to minix_check_super_block().<br /> <br /> This also closes a related syzbot bug report.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43210
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tracing: ring-buffer: Fix to check event length before using<br /> <br /> Check the event length before adding it for accessing next index in<br /> rb_read_data_buffer(). Since this function is used for validating<br /> possibly broken ring buffers, the length of the event could be broken.<br /> In that case, the new event (e + len) can point a wrong address.<br /> To avoid invalid memory access at boot, check whether the length of<br /> each event is in the possible range before using it.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026
Subscribe to Vulnerabilities