cve-2024-38664
Vulnerability from cvelistv5
Published
2024-06-24 13:50
Modified
2024-12-19 09:06
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm: zynqmp_dpsub: Always register bridge
We must always register the DRM bridge, since zynqmp_dp_hpd_work_func
calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be
initialized. We do this before zynqmp_dpsub_drm_init since that calls
drm_bridge_attach. This fixes the following lockdep warning:
[ 19.217084] ------------[ cut here ]------------
[ 19.227530] DEBUG_LOCKS_WARN_ON(lock->magic != lock)
[ 19.227768] WARNING: CPU: 0 PID: 140 at kernel/locking/mutex.c:582 __mutex_lock+0x4bc/0x550
[ 19.241696] Modules linked in:
[ 19.244937] CPU: 0 PID: 140 Comm: kworker/0:4 Not tainted 6.6.20+ #96
[ 19.252046] Hardware name: xlnx,zynqmp (DT)
[ 19.256421] Workqueue: events zynqmp_dp_hpd_work_func
[ 19.261795] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 19.269104] pc : __mutex_lock+0x4bc/0x550
[ 19.273364] lr : __mutex_lock+0x4bc/0x550
[ 19.277592] sp : ffffffc085c5bbe0
[ 19.281066] x29: ffffffc085c5bbe0 x28: 0000000000000000 x27: ffffff88009417f8
[ 19.288624] x26: ffffff8800941788 x25: ffffff8800020008 x24: ffffffc082aa3000
[ 19.296227] x23: ffffffc080d90e3c x22: 0000000000000002 x21: 0000000000000000
[ 19.303744] x20: 0000000000000000 x19: ffffff88002f5210 x18: 0000000000000000
[ 19.311295] x17: 6c707369642e3030 x16: 3030613464662072 x15: 0720072007200720
[ 19.318922] x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 0000000000000001
[ 19.326442] x11: 0001ffc085c5b940 x10: 0001ff88003f388b x9 : 0001ff88003f3888
[ 19.334003] x8 : 0001ff88003f3888 x7 : 0000000000000000 x6 : 0000000000000000
[ 19.341537] x5 : 0000000000000000 x4 : 0000000000001668 x3 : 0000000000000000
[ 19.349054] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff88003f3880
[ 19.356581] Call trace:
[ 19.359160] __mutex_lock+0x4bc/0x550
[ 19.363032] mutex_lock_nested+0x24/0x30
[ 19.367187] drm_bridge_hpd_notify+0x2c/0x6c
[ 19.371698] zynqmp_dp_hpd_work_func+0x44/0x54
[ 19.376364] process_one_work+0x3ac/0x988
[ 19.380660] worker_thread+0x398/0x694
[ 19.384736] kthread+0x1bc/0x1c0
[ 19.388241] ret_from_fork+0x10/0x20
[ 19.392031] irq event stamp: 183
[ 19.395450] hardirqs last enabled at (183): [<ffffffc0800b9278>] finish_task_switch.isra.0+0xa8/0x2d4
[ 19.405140] hardirqs last disabled at (182): [<ffffffc081ad3754>] __schedule+0x714/0xd04
[ 19.413612] softirqs last enabled at (114): [<ffffffc080133de8>] srcu_invoke_callbacks+0x158/0x23c
[ 19.423128] softirqs last disabled at (110): [<ffffffc080133de8>] srcu_invoke_callbacks+0x158/0x23c
[ 19.432614] ---[ end trace 0000000000000000 ]---
(cherry picked from commit 61ba791c4a7a09a370c45b70a81b8c7d4cf6b2ae)
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38664", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-24T17:03:52.649243Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-24T17:04:05.592Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:12:25.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6ead3eccf67bc8318b1ce95ed879b2cc05b4fce9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/603661357056b5e5ba6d86f505fbc936eff396ba" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/be3f3042391d061cfca2bd22630e0d101acea5fc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/xlnx/zynqmp_dpsub.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6ead3eccf67bc8318b1ce95ed879b2cc05b4fce9", "status": "affected", "version": "eb2d64bfcc174919a921295a5327b99a3b8f4166", "versionType": "git" }, { "lessThan": "603661357056b5e5ba6d86f505fbc936eff396ba", "status": "affected", "version": "eb2d64bfcc174919a921295a5327b99a3b8f4166", "versionType": "git" }, { "lessThan": "be3f3042391d061cfca2bd22630e0d101acea5fc", "status": "affected", "version": "eb2d64bfcc174919a921295a5327b99a3b8f4166", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/xlnx/zynqmp_dpsub.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.2" }, { "lessThan": "6.2", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.33", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.4", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: zynqmp_dpsub: Always register bridge\n\nWe must always register the DRM bridge, since zynqmp_dp_hpd_work_func\ncalls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be\ninitialized. We do this before zynqmp_dpsub_drm_init since that calls\ndrm_bridge_attach. This fixes the following lockdep warning:\n\n[ 19.217084] ------------[ cut here ]------------\n[ 19.227530] DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n[ 19.227768] WARNING: CPU: 0 PID: 140 at kernel/locking/mutex.c:582 __mutex_lock+0x4bc/0x550\n[ 19.241696] Modules linked in:\n[ 19.244937] CPU: 0 PID: 140 Comm: kworker/0:4 Not tainted 6.6.20+ #96\n[ 19.252046] Hardware name: xlnx,zynqmp (DT)\n[ 19.256421] Workqueue: events zynqmp_dp_hpd_work_func\n[ 19.261795] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 19.269104] pc : __mutex_lock+0x4bc/0x550\n[ 19.273364] lr : __mutex_lock+0x4bc/0x550\n[ 19.277592] sp : ffffffc085c5bbe0\n[ 19.281066] x29: ffffffc085c5bbe0 x28: 0000000000000000 x27: ffffff88009417f8\n[ 19.288624] x26: ffffff8800941788 x25: ffffff8800020008 x24: ffffffc082aa3000\n[ 19.296227] x23: ffffffc080d90e3c x22: 0000000000000002 x21: 0000000000000000\n[ 19.303744] x20: 0000000000000000 x19: ffffff88002f5210 x18: 0000000000000000\n[ 19.311295] x17: 6c707369642e3030 x16: 3030613464662072 x15: 0720072007200720\n[ 19.318922] x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 0000000000000001\n[ 19.326442] x11: 0001ffc085c5b940 x10: 0001ff88003f388b x9 : 0001ff88003f3888\n[ 19.334003] x8 : 0001ff88003f3888 x7 : 0000000000000000 x6 : 0000000000000000\n[ 19.341537] x5 : 0000000000000000 x4 : 0000000000001668 x3 : 0000000000000000\n[ 19.349054] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff88003f3880\n[ 19.356581] Call trace:\n[ 19.359160] __mutex_lock+0x4bc/0x550\n[ 19.363032] mutex_lock_nested+0x24/0x30\n[ 19.367187] drm_bridge_hpd_notify+0x2c/0x6c\n[ 19.371698] zynqmp_dp_hpd_work_func+0x44/0x54\n[ 19.376364] process_one_work+0x3ac/0x988\n[ 19.380660] worker_thread+0x398/0x694\n[ 19.384736] kthread+0x1bc/0x1c0\n[ 19.388241] ret_from_fork+0x10/0x20\n[ 19.392031] irq event stamp: 183\n[ 19.395450] hardirqs last enabled at (183): [\u003cffffffc0800b9278\u003e] finish_task_switch.isra.0+0xa8/0x2d4\n[ 19.405140] hardirqs last disabled at (182): [\u003cffffffc081ad3754\u003e] __schedule+0x714/0xd04\n[ 19.413612] softirqs last enabled at (114): [\u003cffffffc080133de8\u003e] srcu_invoke_callbacks+0x158/0x23c\n[ 19.423128] softirqs last disabled at (110): [\u003cffffffc080133de8\u003e] srcu_invoke_callbacks+0x158/0x23c\n[ 19.432614] ---[ end trace 0000000000000000 ]---\n\n(cherry picked from commit 61ba791c4a7a09a370c45b70a81b8c7d4cf6b2ae)" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:06:22.211Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/6ead3eccf67bc8318b1ce95ed879b2cc05b4fce9" }, { "url": "https://git.kernel.org/stable/c/603661357056b5e5ba6d86f505fbc936eff396ba" }, { "url": "https://git.kernel.org/stable/c/be3f3042391d061cfca2bd22630e0d101acea5fc" } ], "title": "drm: zynqmp_dpsub: Always register bridge", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-38664", "datePublished": "2024-06-24T13:50:52.371Z", "dateReserved": "2024-06-21T11:16:40.607Z", "dateUpdated": "2024-12-19T09:06:22.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-38664\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-24T14:15:12.707\",\"lastModified\":\"2024-11-21T09:26:35.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm: zynqmp_dpsub: Always register bridge\\n\\nWe must always register the DRM bridge, since zynqmp_dp_hpd_work_func\\ncalls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be\\ninitialized. We do this before zynqmp_dpsub_drm_init since that calls\\ndrm_bridge_attach. This fixes the following lockdep warning:\\n\\n[ 19.217084] ------------[ cut here ]------------\\n[ 19.227530] DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\\n[ 19.227768] WARNING: CPU: 0 PID: 140 at kernel/locking/mutex.c:582 __mutex_lock+0x4bc/0x550\\n[ 19.241696] Modules linked in:\\n[ 19.244937] CPU: 0 PID: 140 Comm: kworker/0:4 Not tainted 6.6.20+ #96\\n[ 19.252046] Hardware name: xlnx,zynqmp (DT)\\n[ 19.256421] Workqueue: events zynqmp_dp_hpd_work_func\\n[ 19.261795] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\\n[ 19.269104] pc : __mutex_lock+0x4bc/0x550\\n[ 19.273364] lr : __mutex_lock+0x4bc/0x550\\n[ 19.277592] sp : ffffffc085c5bbe0\\n[ 19.281066] x29: ffffffc085c5bbe0 x28: 0000000000000000 x27: ffffff88009417f8\\n[ 19.288624] x26: ffffff8800941788 x25: ffffff8800020008 x24: ffffffc082aa3000\\n[ 19.296227] x23: ffffffc080d90e3c x22: 0000000000000002 x21: 0000000000000000\\n[ 19.303744] x20: 0000000000000000 x19: ffffff88002f5210 x18: 0000000000000000\\n[ 19.311295] x17: 6c707369642e3030 x16: 3030613464662072 x15: 0720072007200720\\n[ 19.318922] x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 0000000000000001\\n[ 19.326442] x11: 0001ffc085c5b940 x10: 0001ff88003f388b x9 : 0001ff88003f3888\\n[ 19.334003] x8 : 0001ff88003f3888 x7 : 0000000000000000 x6 : 0000000000000000\\n[ 19.341537] x5 : 0000000000000000 x4 : 0000000000001668 x3 : 0000000000000000\\n[ 19.349054] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff88003f3880\\n[ 19.356581] Call trace:\\n[ 19.359160] __mutex_lock+0x4bc/0x550\\n[ 19.363032] mutex_lock_nested+0x24/0x30\\n[ 19.367187] drm_bridge_hpd_notify+0x2c/0x6c\\n[ 19.371698] zynqmp_dp_hpd_work_func+0x44/0x54\\n[ 19.376364] process_one_work+0x3ac/0x988\\n[ 19.380660] worker_thread+0x398/0x694\\n[ 19.384736] kthread+0x1bc/0x1c0\\n[ 19.388241] ret_from_fork+0x10/0x20\\n[ 19.392031] irq event stamp: 183\\n[ 19.395450] hardirqs last enabled at (183): [\u003cffffffc0800b9278\u003e] finish_task_switch.isra.0+0xa8/0x2d4\\n[ 19.405140] hardirqs last disabled at (182): [\u003cffffffc081ad3754\u003e] __schedule+0x714/0xd04\\n[ 19.413612] softirqs last enabled at (114): [\u003cffffffc080133de8\u003e] srcu_invoke_callbacks+0x158/0x23c\\n[ 19.423128] softirqs last disabled at (110): [\u003cffffffc080133de8\u003e] srcu_invoke_callbacks+0x158/0x23c\\n[ 19.432614] ---[ end trace 0000000000000000 ]---\\n\\n(cherry picked from commit 61ba791c4a7a09a370c45b70a81b8c7d4cf6b2ae)\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm: zynqmp_dpsub: Registrar siempre puente Siempre debemos registrar el puente DRM, ya que zynqmp_dp_hpd_work_func llama a drm_bridge_hpd_notify, que a su vez espera que hpd_mutex se inicialice. Hacemos esto antes de zynqmp_dpsub_drm_init ya que llama a drm_bridge_attach. Esto corrige la siguiente advertencia de bloqueo: [19.217084] ------------[ cortar aqu\u00ed ]------------ [ 19.227530] DEBUG_LOCKS_WARN_ON(lock-\u0026gt;magic != lock ) [ 19.227768] ADVERTENCIA: CPU: 0 PID: 140 en kernel/locking/mutex.c:582 __mutex_lock+0x4bc/0x550 [ 19.241696] M\u00f3dulos vinculados en: [ 19.244937] CPU: 0 PID: 140 Comm: kworker/0:4 No contaminado 6.6.20+ #96 [19.252046] Nombre de hardware: xlnx,zynqmp (DT) [19.256421] Cola de trabajo: eventos zynqmp_dp_hpd_work_func [19.261795] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS PE=-- ) [ 19.269104] pc : __mutex_lock+0x4bc/0x550 [ 19.273364] lr : __mutex_lock+0x4bc/0x550 [ 19.277592] sp : ffffffc085c5bbe0 [ 19.281066] x29: ffffffc085c5bbe0 8: 0000000000000000 x27: ffffff88009417f8 [ 19.288624] x26: ffffff8800941788 x25: ffffff8800020008 x24: ffffffc082aa3000 [ 19.296227] x23: ffffffc080d90e3c x22: 0000000000000002 x21: 00000000000000000 [ 19.303744] x20: 0000000000000000 x19: ffffff88002f5210 x18: 0000000000000000 [ 19.311295] x17: 6c707369642e3030 x16: 3030613464662072 x15: 0720072007200720 [ 19.318922] 4: 0000000000000000 x13: 284e4f5f4e524157 x12: 0000000000000001 [ 19.326442] x11: 0001ffc085c5b940 x10: 0001ff88003f388b x9: 0001ff88003f3888 [19.334003] x8: 0001ff88003f3888 x7: 0000000000000000 x6 : 0000000000000000 [ 19.341537] x5 : 0000000000000000 x4 : 0000000000001668 x3 : 0000000000000000 [ 19.349054] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffffff88003f3880 [ 19.356581] Seguimiento de llamadas: [ 19.359160] __mutex_lock+0x4bc/0x550 [ 19.363032] mutex_lock_nested+0x24/0x30 [ 19.367187] drm_bridge_hpd_notify+0x2c/0x6c [ zynqmp_dp_hpd_work_func +0x44/0x54 [ 19.376364] proceso_un_trabajo+0x3ac/0x988 [ 19.380660] hilo_trabajador+0x398/ 0x694 [19.384736] kthread+0x1bc/0x1c0 [19.388241] ret_from_fork+0x10/0x20 [19.392031] sello de evento irq: 183 [19.395450] hardirqs habilitado por \u00faltima vez en (183): [] terminar_task_switch.isra.0+0xa8/0x2d4 [ 19.405140] hardirqs deshabilitado por \u00faltima vez en (182): [] __schedule+0x714/0xd04 [ 19.413612] softirqs habilitado por \u00faltima vez en (114): [] srcu_invoke_callbacks+0x158/0x23c 19.423128] softirqs se deshabilit\u00f3 por \u00faltima vez en ( 110): [] srcu_invoke_callbacks+0x158/0x23c [ 19.432614] ---[ end trace 0000000000000000 ]--- (seleccionado de el commit 61ba791c4a7a09a370c45b70a81b8c7d4 cf6b2ae)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2\",\"matchCriteriaId\":\"108695B6-7133-4B6C-80AF-0F66880FE858\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6\",\"versionEndExcluding\":\"6.6.33\",\"matchCriteriaId\":\"53BC60D9-65A5-4D8F-96C8-149F09214DBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.9.4\",\"matchCriteriaId\":\"A500F935-F0ED-4DC7-AD02-9D7C365D13AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C40DD2D9-90E3-4E95-9F1A-E7C680F11F2A\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/603661357056b5e5ba6d86f505fbc936eff396ba\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6ead3eccf67bc8318b1ce95ed879b2cc05b4fce9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/be3f3042391d061cfca2bd22630e0d101acea5fc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/603661357056b5e5ba6d86f505fbc936eff396ba\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6ead3eccf67bc8318b1ce95ed879b2cc05b4fce9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/be3f3042391d061cfca2bd22630e0d101acea5fc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.