cve-2022-48702
Vulnerability from cvelistv5
Published
2024-05-03 15:13
Modified
2024-12-19 08:05
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the newly allocated voices as if it never wrapped around. This results in out of bounds access if the first voice has a high enough index so that first_voice + requested_voice_count > NUM_G (64). The more voices are requested, the more likely it is for this to occur. This was initially discovered using PipeWire, however it can be reproduced by calling aplay multiple times with 16 channels: aplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero UBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40 index 65 is out of range for type 'snd_emu10k1_voice [64]' CPU: 1 PID: 31977 Comm: aplay Tainted: G W IOE 6.0.0-rc2-emu10k1+ #7 Hardware name: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002 07/22/2010 Call Trace: <TASK> dump_stack_lvl+0x49/0x63 dump_stack+0x10/0x16 ubsan_epilogue+0x9/0x3f __ubsan_handle_out_of_bounds.cold+0x44/0x49 snd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1] snd_pcm_hw_params+0x29f/0x600 [snd_pcm] snd_pcm_common_ioctl+0x188/0x1410 [snd_pcm] ? exit_to_user_mode_prepare+0x35/0x170 ? do_syscall_64+0x69/0x90 ? syscall_exit_to_user_mode+0x26/0x50 ? do_syscall_64+0x69/0x90 ? exit_to_user_mode_prepare+0x35/0x170 snd_pcm_ioctl+0x27/0x40 [snd_pcm] __x64_sys_ioctl+0x95/0xd0 do_syscall_64+0x5c/0x90 ? do_syscall_64+0x69/0x90 ? do_syscall_64+0x69/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f
Impacted products
Vendor Product Version
Linux Linux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48702",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-09T18:37:27.683467Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:16:45.700Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:17:55.829Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/pci/emu10k1/emupcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "637c5310acb48fffcc5657568db3f3e9bc719bfa",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6b0e260ac3cf289e38446552461caa65e6dab275",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "88aac6684cf8bc885cca15463cb4407e91f28ff7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "45321a7d02b7cf9b3f97e3987fc1e4d649b82da2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "39a90720f3abe96625d1224e7a7463410875de4c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "45814a53514e10a8014906c882e0d0d38df39cc1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "4204a01ffce97cae1d59edc5848f02be5b2b9178",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d29f59051d3a07b81281b2df2b8c9dfe4716067f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/pci/emu10k1/emupcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.328",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.293",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.258",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.213",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.143",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.68",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()\n\nThe voice allocator sometimes begins allocating from near the end of the\narray and then wraps around, however snd_emu10k1_pcm_channel_alloc()\naccesses the newly allocated voices as if it never wrapped around.\n\nThis results in out of bounds access if the first voice has a high enough\nindex so that first_voice + requested_voice_count \u003e NUM_G (64).\nThe more voices are requested, the more likely it is for this to occur.\n\nThis was initially discovered using PipeWire, however it can be reproduced\nby calling aplay multiple times with 16 channels:\naplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero\n\nUBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40\nindex 65 is out of range for type \u0027snd_emu10k1_voice [64]\u0027\nCPU: 1 PID: 31977 Comm: aplay Tainted: G        W IOE      6.0.0-rc2-emu10k1+ #7\nHardware name: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002    07/22/2010\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x49/0x63\ndump_stack+0x10/0x16\nubsan_epilogue+0x9/0x3f\n__ubsan_handle_out_of_bounds.cold+0x44/0x49\nsnd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1]\nsnd_pcm_hw_params+0x29f/0x600 [snd_pcm]\nsnd_pcm_common_ioctl+0x188/0x1410 [snd_pcm]\n? exit_to_user_mode_prepare+0x35/0x170\n? do_syscall_64+0x69/0x90\n? syscall_exit_to_user_mode+0x26/0x50\n? do_syscall_64+0x69/0x90\n? exit_to_user_mode_prepare+0x35/0x170\nsnd_pcm_ioctl+0x27/0x40 [snd_pcm]\n__x64_sys_ioctl+0x95/0xd0\ndo_syscall_64+0x5c/0x90\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:05:52.467Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275"
        },
        {
          "url": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7"
        },
        {
          "url": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2"
        },
        {
          "url": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1"
        },
        {
          "url": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178"
        },
        {
          "url": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f"
        }
      ],
      "title": "ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48702",
    "datePublished": "2024-05-03T15:13:10.363Z",
    "dateReserved": "2024-05-03T14:55:07.146Z",
    "dateUpdated": "2024-12-19T08:05:52.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-48702\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-03T16:15:08.593\",\"lastModified\":\"2024-11-21T07:33:49.250\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()\\n\\nThe voice allocator sometimes begins allocating from near the end of the\\narray and then wraps around, however snd_emu10k1_pcm_channel_alloc()\\naccesses the newly allocated voices as if it never wrapped around.\\n\\nThis results in out of bounds access if the first voice has a high enough\\nindex so that first_voice + requested_voice_count \u003e NUM_G (64).\\nThe more voices are requested, the more likely it is for this to occur.\\n\\nThis was initially discovered using PipeWire, however it can be reproduced\\nby calling aplay multiple times with 16 channels:\\naplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero\\n\\nUBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40\\nindex 65 is out of range for type \u0027snd_emu10k1_voice [64]\u0027\\nCPU: 1 PID: 31977 Comm: aplay Tainted: G        W IOE      6.0.0-rc2-emu10k1+ #7\\nHardware name: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002    07/22/2010\\nCall Trace:\\n\u003cTASK\u003e\\ndump_stack_lvl+0x49/0x63\\ndump_stack+0x10/0x16\\nubsan_epilogue+0x9/0x3f\\n__ubsan_handle_out_of_bounds.cold+0x44/0x49\\nsnd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1]\\nsnd_pcm_hw_params+0x29f/0x600 [snd_pcm]\\nsnd_pcm_common_ioctl+0x188/0x1410 [snd_pcm]\\n? exit_to_user_mode_prepare+0x35/0x170\\n? do_syscall_64+0x69/0x90\\n? syscall_exit_to_user_mode+0x26/0x50\\n? do_syscall_64+0x69/0x90\\n? exit_to_user_mode_prepare+0x35/0x170\\nsnd_pcm_ioctl+0x27/0x40 [snd_pcm]\\n__x64_sys_ioctl+0x95/0xd0\\ndo_syscall_64+0x5c/0x90\\n? do_syscall_64+0x69/0x90\\n? do_syscall_64+0x69/0x90\\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ALSA: emu10k1: corrige el acceso fuera de los l\u00edmites en snd_emu10k1_pcm_channel_alloc() El asignador de voz a veces comienza a asignar desde cerca del final de la matriz y luego regresa, sin embargo, snd_emu10k1_pcm_channel_alloc() accede al nuevo asign\u00f3 voces como si nunca hubiera terminado. Esto da como resultado un acceso fuera de los l\u00edmites si la primera voz tiene un \u00edndice lo suficientemente alto como para que primera_voz + recuento_de_voces_solicitadas \u0026gt; NUM_G (64). Cuantas m\u00e1s voces se soliciten, m\u00e1s probabilidades habr\u00e1 de que esto ocurra. Esto se descubri\u00f3 inicialmente usando PipeWire, sin embargo, se puede reproducir llamando a aplay varias veces con 16 canales: aplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero UBSAN: array-index-out -of-bounds en sound/pci/emu10k1/emupcm.c:127:40 el \u00edndice 65 est\u00e1 fuera de rango para el tipo \u0027snd_emu10k1_voice [64]\u0027 CPU: 1 PID: 31977 Comm: aplay Contaminado: GW IOE 6.0.0-rc2 -emu10k1+ #7 Nombre del hardware: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002 22/07/2010 Seguimiento de llamadas:  dump_stack_lvl+0x49/0x63 dump_stack+0x10/0x16 ubsan_epilogue+0x9/0x3f __ubsan_handle_out_of_bounds.cold + 0x44/0x49 snd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1] snd_pcm_hw_params+0x29f/0x600 [snd_pcm] snd_pcm_common_ioctl+0x188/0x1410 [snd_pcm] ? exit_to_user_mode_prepare+0x35/0x170? do_syscall_64+0x69/0x90? syscall_exit_to_user_mode+0x26/0x50? do_syscall_64+0x69/0x90? exit_to_user_mode_prepare+0x35/0x170 snd_pcm_ioctl+0x27/0x40 [snd_pcm] __x64_sys_ioctl+0x95/0xd0 do_syscall_64+0x5c/0x90 ? do_syscall_64+0x69/0x90? do_syscall_64+0x69/0x90 entrada_SYSCALL_64_after_hwframe+0x63/0xcd\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.