CVE-2024-26724
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
Summary
net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers
Impacted products
Linux Linux Version: 496fd0a26bbf
Version: 496fd0a26bbf
Linux Linux Version: 6.7
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26724",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-05T17:56:55.554456Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:11.438Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.956Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1596126ea50228f0ed96697bae4e9368fda02c56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa1eec2f546f2afa8c98ec41e5d8ee488165d685"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/dpll.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1596126ea502",
              "status": "affected",
              "version": "496fd0a26bbf",
              "versionType": "git"
            },
            {
              "lessThan": "aa1eec2f546f",
              "status": "affected",
              "version": "496fd0a26bbf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/dpll.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DPLL, Fix possible use after free after delayed work timer triggers\n\nI managed to hit following use after free warning recently:\n\n[ 2169.711665] ==================================================================\n[ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0\n[ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0\n\n[ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2jiri+ #2\n[ 2169.720974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 2169.722457] Call Trace:\n[ 2169.722756]  \u003cIRQ\u003e\n[ 2169.723024]  dump_stack_lvl+0x58/0xb0\n[ 2169.723417]  print_report+0xc5/0x630\n[ 2169.723807]  ? __virt_addr_valid+0x126/0x2b0\n[ 2169.724268]  kasan_report+0xbe/0xf0\n[ 2169.724667]  ? __run_timers.part.0+0x179/0x4c0\n[ 2169.725116]  ? __run_timers.part.0+0x179/0x4c0\n[ 2169.725570]  __run_timers.part.0+0x179/0x4c0\n[ 2169.726003]  ? call_timer_fn+0x320/0x320\n[ 2169.726404]  ? lock_downgrade+0x3a0/0x3a0\n[ 2169.726820]  ? kvm_clock_get_cycles+0x14/0x20\n[ 2169.727257]  ? ktime_get+0x92/0x150\n[ 2169.727630]  ? lapic_next_deadline+0x35/0x60\n[ 2169.728069]  run_timer_softirq+0x40/0x80\n[ 2169.728475]  __do_softirq+0x1a1/0x509\n[ 2169.728866]  irq_exit_rcu+0x95/0xc0\n[ 2169.729241]  sysvec_apic_timer_interrupt+0x6b/0x80\n[ 2169.729718]  \u003c/IRQ\u003e\n[ 2169.729993]  \u003cTASK\u003e\n[ 2169.730259]  asm_sysvec_apic_timer_interrupt+0x16/0x20\n[ 2169.730755] RIP: 0010:default_idle+0x13/0x20\n[ 2169.731190] Code: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 8b 05 9a 7f 1f 02 85 c0 7e 07 0f 00 2d cf 69 43 00 fb f4 \u003cfa\u003e c3 66 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 c0 93 04 00\n[ 2169.732759] RSP: 0018:ffff888100dbfe10 EFLAGS: 00000242\n[ 2169.733264] RAX: 0000000000000001 RBX: ffff888100d9c200 RCX: ffffffff8241bd62\n[ 2169.733925] RDX: ffffed109a848b15 RSI: 0000000000000004 RDI: ffffffff8127ac55\n[ 2169.734566] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed109a848b14\n[ 2169.735200] R10: ffff8884d42458a3 R11: 000000000000ba7e R12: ffffffff83d7d3a0\n[ 2169.735835] R13: 1ffff110201b7fc6 R14: 0000000000000000 R15: ffff888100d9c200\n[ 2169.736478]  ? ct_kernel_exit.constprop.0+0xa2/0xc0\n[ 2169.736954]  ? do_idle+0x285/0x290\n[ 2169.737323]  default_idle_call+0x63/0x90\n[ 2169.737730]  do_idle+0x285/0x290\n[ 2169.738089]  ? arch_cpu_idle_exit+0x30/0x30\n[ 2169.738511]  ? mark_held_locks+0x1a/0x80\n[ 2169.738917]  ? lockdep_hardirqs_on_prepare+0x12e/0x200\n[ 2169.739417]  cpu_startup_entry+0x30/0x40\n[ 2169.739825]  start_secondary+0x19a/0x1c0\n[ 2169.740229]  ? set_cpu_sibling_map+0xbd0/0xbd0\n[ 2169.740673]  secondary_startup_64_no_verify+0x15d/0x16b\n[ 2169.741179]  \u003c/TASK\u003e\n\n[ 2169.741686] Allocated by task 1098:\n[ 2169.742058]  kasan_save_stack+0x1c/0x40\n[ 2169.742456]  kasan_save_track+0x10/0x30\n[ 2169.742852]  __kasan_kmalloc+0x83/0x90\n[ 2169.743246]  mlx5_dpll_probe+0xf5/0x3c0 [mlx5_dpll]\n[ 2169.743730]  auxiliary_bus_probe+0x62/0xb0\n[ 2169.744148]  really_probe+0x127/0x590\n[ 2169.744534]  __driver_probe_device+0xd2/0x200\n[ 2169.744973]  device_driver_attach+0x6b/0xf0\n[ 2169.745402]  bind_store+0x90/0xe0\n[ 2169.745761]  kernfs_fop_write_iter+0x1df/0x2a0\n[ 2169.746210]  vfs_write+0x41f/0x790\n[ 2169.746579]  ksys_write+0xc7/0x160\n[ 2169.746947]  do_syscall_64+0x6f/0x140\n[ 2169.747333]  entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\n[ 2169.748049] Freed by task 1220:\n[ 2169.748393]  kasan_save_stack+0x1c/0x40\n[ 2169.748789]  kasan_save_track+0x10/0x30\n[ 2169.749188]  kasan_save_free_info+0x3b/0x50\n[ 2169.749621]  poison_slab_object+0x106/0x180\n[ 2169.750044]  __kasan_slab_free+0x14/0x50\n[ 2169.750451]  kfree+0x118/0x330\n[ 2169.750792]  mlx5_dpll_remove+0xf5/0x110 [mlx5_dpll]\n[ 2169.751271]  auxiliary_bus_remove+0x2e/0x40\n[ 2169.751694]  device_release_driver_internal+0x24b/0x2e0\n[ 2169.752191]  unbind_store+0xa6/0xb0\n[ 2169.752563]  kernfs_fo\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:14:34.495Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1596126ea50228f0ed96697bae4e9368fda02c56"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa1eec2f546f2afa8c98ec41e5d8ee488165d685"
        }
      ],
      "title": "net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26724",
    "datePublished": "2024-04-03T14:55:23.349Z",
    "dateReserved": "2024-02-19T14:20:24.163Z",
    "dateUpdated": "2024-11-05T09:14:34.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26724\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-03T15:15:54.203\",\"lastModified\":\"2024-04-03T17:24:18.150\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/mlx5: DPLL, Fix possible use after free after delayed work timer triggers\\n\\nI managed to hit following use after free warning recently:\\n\\n[ 2169.711665] ==================================================================\\n[ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0\\n[ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0\\n\\n[ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2jiri+ #2\\n[ 2169.720974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\\n[ 2169.722457] Call Trace:\\n[ 2169.722756]  \u003cIRQ\u003e\\n[ 2169.723024]  dump_stack_lvl+0x58/0xb0\\n[ 2169.723417]  print_report+0xc5/0x630\\n[ 2169.723807]  ? __virt_addr_valid+0x126/0x2b0\\n[ 2169.724268]  kasan_report+0xbe/0xf0\\n[ 2169.724667]  ? __run_timers.part.0+0x179/0x4c0\\n[ 2169.725116]  ? __run_timers.part.0+0x179/0x4c0\\n[ 2169.725570]  __run_timers.part.0+0x179/0x4c0\\n[ 2169.726003]  ? call_timer_fn+0x320/0x320\\n[ 2169.726404]  ? lock_downgrade+0x3a0/0x3a0\\n[ 2169.726820]  ? kvm_clock_get_cycles+0x14/0x20\\n[ 2169.727257]  ? ktime_get+0x92/0x150\\n[ 2169.727630]  ? lapic_next_deadline+0x35/0x60\\n[ 2169.728069]  run_timer_softirq+0x40/0x80\\n[ 2169.728475]  __do_softirq+0x1a1/0x509\\n[ 2169.728866]  irq_exit_rcu+0x95/0xc0\\n[ 2169.729241]  sysvec_apic_timer_interrupt+0x6b/0x80\\n[ 2169.729718]  \u003c/IRQ\u003e\\n[ 2169.729993]  \u003cTASK\u003e\\n[ 2169.730259]  asm_sysvec_apic_timer_interrupt+0x16/0x20\\n[ 2169.730755] RIP: 0010:default_idle+0x13/0x20\\n[ 2169.731190] Code: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 8b 05 9a 7f 1f 02 85 c0 7e 07 0f 00 2d cf 69 43 00 fb f4 \u003cfa\u003e c3 66 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 c0 93 04 00\\n[ 2169.732759] RSP: 0018:ffff888100dbfe10 EFLAGS: 00000242\\n[ 2169.733264] RAX: 0000000000000001 RBX: ffff888100d9c200 RCX: ffffffff8241bd62\\n[ 2169.733925] RDX: ffffed109a848b15 RSI: 0000000000000004 RDI: ffffffff8127ac55\\n[ 2169.734566] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed109a848b14\\n[ 2169.735200] R10: ffff8884d42458a3 R11: 000000000000ba7e R12: ffffffff83d7d3a0\\n[ 2169.735835] R13: 1ffff110201b7fc6 R14: 0000000000000000 R15: ffff888100d9c200\\n[ 2169.736478]  ? ct_kernel_exit.constprop.0+0xa2/0xc0\\n[ 2169.736954]  ? do_idle+0x285/0x290\\n[ 2169.737323]  default_idle_call+0x63/0x90\\n[ 2169.737730]  do_idle+0x285/0x290\\n[ 2169.738089]  ? arch_cpu_idle_exit+0x30/0x30\\n[ 2169.738511]  ? mark_held_locks+0x1a/0x80\\n[ 2169.738917]  ? lockdep_hardirqs_on_prepare+0x12e/0x200\\n[ 2169.739417]  cpu_startup_entry+0x30/0x40\\n[ 2169.739825]  start_secondary+0x19a/0x1c0\\n[ 2169.740229]  ? set_cpu_sibling_map+0xbd0/0xbd0\\n[ 2169.740673]  secondary_startup_64_no_verify+0x15d/0x16b\\n[ 2169.741179]  \u003c/TASK\u003e\\n\\n[ 2169.741686] Allocated by task 1098:\\n[ 2169.742058]  kasan_save_stack+0x1c/0x40\\n[ 2169.742456]  kasan_save_track+0x10/0x30\\n[ 2169.742852]  __kasan_kmalloc+0x83/0x90\\n[ 2169.743246]  mlx5_dpll_probe+0xf5/0x3c0 [mlx5_dpll]\\n[ 2169.743730]  auxiliary_bus_probe+0x62/0xb0\\n[ 2169.744148]  really_probe+0x127/0x590\\n[ 2169.744534]  __driver_probe_device+0xd2/0x200\\n[ 2169.744973]  device_driver_attach+0x6b/0xf0\\n[ 2169.745402]  bind_store+0x90/0xe0\\n[ 2169.745761]  kernfs_fop_write_iter+0x1df/0x2a0\\n[ 2169.746210]  vfs_write+0x41f/0x790\\n[ 2169.746579]  ksys_write+0xc7/0x160\\n[ 2169.746947]  do_syscall_64+0x6f/0x140\\n[ 2169.747333]  entry_SYSCALL_64_after_hwframe+0x46/0x4e\\n\\n[ 2169.748049] Freed by task 1220:\\n[ 2169.748393]  kasan_save_stack+0x1c/0x40\\n[ 2169.748789]  kasan_save_track+0x10/0x30\\n[ 2169.749188]  kasan_save_free_info+0x3b/0x50\\n[ 2169.749621]  poison_slab_object+0x106/0x180\\n[ 2169.750044]  __kasan_slab_free+0x14/0x50\\n[ 2169.750451]  kfree+0x118/0x330\\n[ 2169.750792]  mlx5_dpll_remove+0xf5/0x110 [mlx5_dpll]\\n[ 2169.751271]  auxiliary_bus_remove+0x2e/0x40\\n[ 2169.751694]  device_release_driver_internal+0x24b/0x2e0\\n[ 2169.752191]  unbind_store+0xa6/0xb0\\n[ 2169.752563]  kernfs_fo\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5: DPLL, corrige el posible uso despu\u00e9s de la activaci\u00f3n del temporizador de trabajo retrasado despu\u00e9s de la liberaci\u00f3n. Logr\u00e9 alcanzar el siguiente uso despu\u00e9s de la advertencia de la liberaci\u00f3n gratuita recientemente: [2169.711665] ======== ==================================================== ======== [2169.714009] ERROR: KASAN: slab-use-after-free en __run_timers.part.0+0x179/0x4c0 [2169.716293] Escritura de tama\u00f1o 8 en la direcci\u00f3n ffff88812b326a70 mediante task swapper/4/0 [ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 No contaminado 6.8.0-rc2jiri+ #2 [2169.720974] Nombre de hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02- prebuilt.qemu.org 01/04/2014 [2169.722457] Seguimiento de llamadas: [2169.722756]  [2169.723024] dump_stack_lvl+0x58/0xb0 [2169.723417] print_report+0xc5/0x630 [2169.72 3807] ? __virt_addr_valid+0x126/0x2b0 [ 2169.724268] kasan_report+0xbe/0xf0 [ 2169.724667] ? __run_timers.part.0+0x179/0x4c0 [2169.725116]? __run_timers.part.0+0x179/0x4c0 [2169.725570] __run_timers.part.0+0x179/0x4c0 [2169.726003]? call_timer_fn+0x320/0x320 [2169.726404]? lock_downgrade+0x3a0/0x3a0 [2169.726820]? kvm_clock_get_cycles+0x14/0x20 [2169.727257]? ktime_get+0x92/0x150 [2169.727630]? lapic_next_deadline+0x35/0x60 [ 2169.728069] run_timer_softirq+0x40/0x80 [ 2169.728475] __do_softirq+0x1a1/0x509 [ 2169.728866] irq_exit_rcu+0x95/0xc0 [ 2169.7 29241] sysvec_apic_timer_interrupt+0x6b/0x80 [ 2169.729718]  [ 2169.729993]  [ 2169.730259] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 2169.730755] RIP: 0010:default_idle+0x13/0x20 [ 2169.731190] C\u00f3digo: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 8b 05 9a 7f 1f 02 85 c0 7e 07 0f 00 2d cf 69 43 00 fb f4  c3 66 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 c0 93 04 00 [ 2169.732759 ] RSP: 0018:ffff888100dbfe10 EFLAGS : 00000242 [ 2169.733264] RAX: 00000000000000001 RBX: ffff888100d9c200 RCX: ffffffff8241bd62 [ 2169.733925] RDX: ffffed109a848b15 RSI: 000000000 0000004 RDI: ffffffff8127ac55 [ 2169.734566] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed109a848b14 [ 2169.735200] R10: ffff8884d4245 8a3 R11: 000000000000ba7e R12: ffffffff83d7d3a0 [2169.735835] R13: 1ffff110201b7fc6 R14: 0000000000000000 R15: ffff888100d9c200 [2169.736478] ? ct_kernel_exit.constprop.0+0xa2/0xc0 [2169.736954]? do_idle+0x285/0x290 [ 2169.737323] default_idle_call+0x63/0x90 [ 2169.737730] do_idle+0x285/0x290 [ 2169.738089] ? arch_cpu_idle_exit+0x30/0x30 [2169.738511]? mark_held_locks+0x1a/0x80 [2169.738917]? lockdep_hardirqs_on_prepare+0x12e/0x200 [ 2169.739417] cpu_startup_entry+0x30/0x40 [ 2169.739825] start_secondary+0x19a/0x1c0 [ 2169.740229] ? set_cpu_sibling_map+0xbd0/0xbd0 [ 2169.740673] second_startup_64_no_verify+0x15d/0x16b [ 2169.741179]  [ 2169.741686] Asignado por la tarea 1098: [ 2169.742058] kasan_save_s tachuela+0x1c/0x40 [ 2169.742456] kasan_save_track+0x10/0x30 [ 2169.742852] __kasan_kmalloc+0x83 /0x90 [ 2169.743246] mlx5_dpll_probe+0xf5/0x3c0 [mlx5_dpll] [ 2169.743730] sonda_bus_auxiliar+0x62/0xb0 [ 2169.744148] sonda_real+0x127/0x590 [ 2169.744534] __driver_probe_device+0xd2/0x200 [ 2169.744973] dispositivo_driver_attach+0x6b/0xf0 [ 2169.745402] bind_store+ 0x90/0xe0 [ 2169.745761] kernfs_fop_write_iter+0x1df/0x2a0 [ 2169.746210] vfs_write+0x41f/0x790 [ 2169.746579] ksys_write+0xc7/0x160 [ 2169.746947 ] do_syscall_64+0x6f/0x140 [ 2169.747333] Entry_SYSCALL_64_after_hwframe+0x46/0x4e [ 2169.748049] Liberado por la tarea 1220 : [ 2169.748393] kasan_save_stack+0x1c/0x40 [ 2169.748789] kasan_save_track+0x10/0x30 [ 2169.749188] kasan_save_free_info+0x3b/0x50 [ 2169.749621] veneno_slab_object+0x106 /0x180 [ 2169.750044] __kasan_slab_free+0x14/0x50 [ 2169.750451] kfree+0x118/0x330 [ 2169.750792] mlx5_dpll_remove+0xf5/0x110 [mlx5_dpll] [ 2169.751271] auxiliar_bus_remove+0x2e/0x40 ---truncado---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1596126ea50228f0ed96697bae4e9368fda02c56\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/aa1eec2f546f2afa8c98ec41e5d8ee488165d685\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.