cve-2024-56633
Vulnerability from cvelistv5
Published
2024-12-27 15:02
Modified
2025-01-20 06:24
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:

tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

The current sk memory accounting logic in __SK_REDIRECT is pre-uncharging tosend bytes, which is either msg->sg.size or a smaller value apply_bytes.

Potential problems with this strategy are as follows:

- If the actual sent bytes are smaller than tosend, we need to charge some bytes back, as in line 487, which is okay but seems not clean.

- When tosend is set to apply_bytes, as in line 417, and (ret < 0), we may miss uncharging (msg->sg.size - apply_bytes) bytes.

[...]
415 tosend = msg->sg.size;
416 if (psock->apply_bytes && psock->apply_bytes < tosend)
417   tosend = psock->apply_bytes;
[...]
443 sk_msg_return(sk, msg, tosend);
444 release_sock(sk);
446 origsize = msg->sg.size;
447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,
448                             msg, tosend, flags);
449 sent = origsize - msg->sg.size;
[...]
454 lock_sock(sk);
455 if (unlikely(ret < 0)) {
456   int free = sk_msg_free_nocharge(sk, msg);
458   if (!cork)
459     *copied -= free;
460 }
[...]
487 if (eval == __SK_REDIRECT)
488   sk_mem_charge(sk, tosend - sent);
[...]

When running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply, the following warning will be reported:

------------[ cut here ]------------
WARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0
Modules linked in:
CPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Workqueue: events sk_psock_destroy
RIP: 0010:inet_sock_destruct+0x190/0x1a0
RSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206
RAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800
RDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900
RBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0
R10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400
R13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100
FS:  0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
? __warn+0x89/0x130
? inet_sock_destruct+0x190/0x1a0
? report_bug+0xfc/0x1e0
? handle_bug+0x5c/0xa0
? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20
? inet_sock_destruct+0x190/0x1a0
__sk_destruct+0x25/0x220
sk_psock_destroy+0x2b2/0x310
process_scheduled_works+0xa3/0x3e0
worker_thread+0x117/0x240
? __pfx_worker_thread+0x10/0x10
kthread+0xcf/0x100
? __pfx_kthread+0x10/0x10
ret_from_fork+0x31/0x40
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1a/0x30
</TASK>
---[ end trace 0000000000000000 ]---

In __SK_REDIRECT, a more concise way is to delay the uncharging until the sent bytes are finalized, and uncharge this value. When (ret < 0), we shall invoke sk_msg_free.

The same thing happens in the __SK_DROP case: when tosend is set to apply_bytes, we may miss uncharging (msg->sg.size - apply_bytes) bytes. The same warning will be reported in the selftest.

[...]
468 case __SK_DROP:
469 default:
470 sk_msg_free_partial(sk, msg, tosend);
471 sk_msg_apply_bytes(psock, tosend);
472 *copied -= (tosend + delta);
473 return -EACCES;
[...]

So instead of sk_msg_free_partial we can do sk_msg_free here.
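An added model of the accounting described in the summary (example code written for this page, not the kernel's code): `charged` stands in for the socket's memory accounting, the `sk_mem_*`/`sk_msg_*` names are simplified stand-ins, and the old and fixed paths of __SK_REDIRECT and __SK_DROP are replayed on constructed byte counts to show what is left charged when apply_bytes is smaller than the message.

```c
/* Added model of the sk memory accounting in tcp_bpf_sendmsg (a simulation
 * written for this record, not kernel code). `charged` is the byte count the
 * socket still accounts for; it must be 0 when the socket is destroyed, which
 * is the check behind the inet_sock_destruct warning quoted above. */
struct sock { long charged; };
struct sk_msg { long size; };            /* stands in for msg->sg.size */
static void sk_mem_charge(struct sock *sk, long b)   { sk->charged += b; }
static void sk_mem_uncharge(struct sock *sk, long b) { sk->charged -= b; }
/* Free `bytes` of the message and drop them from the accounting. */
static void sk_msg_free_partial(struct sock *sk, struct sk_msg *m, long bytes)
{
    sk_mem_uncharge(sk, bytes);
    m->size -= bytes;
}
static void sk_msg_free(struct sock *sk, struct sk_msg *m) { sk_msg_free_partial(sk, m, m->size); }
static void sk_msg_free_nocharge(struct sk_msg *m) { m->size = 0; }   /* memory only */
static long clamp_tosend(long size, long apply_bytes)                 /* lines 415-417 */
{
    return (apply_bytes && apply_bytes < size) ? apply_bytes : size;
}

/* __SK_REDIRECT: the redirect consumes `sent` bytes and returns `ret` (negative on
 * failure). Returns the bytes left charged once the message is gone; non-zero is the leak. */
static long redirect_leak(long size, long apply_bytes, long sent, int ret, int fixed)
{
    struct sock sk = { 0 };
    struct sk_msg msg = { size };
    long tosend = clamp_tosend(size, apply_bytes);
    sk_mem_charge(&sk, size);                 /* message was charged on entry */
    if (!fixed)
        sk_mem_uncharge(&sk, tosend);         /* old: pre-uncharge, line 443 */
    msg.size -= sent;                         /* tcp_bpf_sendmsg_redir, lines 447-449 */
    if (fixed)
        sk_mem_uncharge(&sk, sent);           /* new: uncharge only what went out */
    if (ret < 0) {
        if (fixed)
            sk_msg_free(&sk, &msg);           /* new: remainder uncharged as well */
        else
            sk_msg_free_nocharge(&msg);       /* old, line 456: size - tosend stays charged */
        return sk.charged;
    }
    if (!fixed)
        sk_mem_charge(&sk, tosend - sent);    /* old fix-up, line 488 */
    sk_msg_free(&sk, &msg);                   /* rest of msg is freed normally later */
    return sk.charged;
}

/* __SK_DROP: the message is rejected with -EACCES and discarded. */
static long drop_leak(long size, long apply_bytes, int fixed)
{
    struct sock sk = { 0 };
    struct sk_msg msg = { size };
    long tosend = clamp_tosend(size, apply_bytes);
    sk_mem_charge(&sk, size);
    if (fixed)
        sk_msg_free(&sk, &msg);               /* new: whole message uncharged */
    else
        sk_msg_free_partial(&sk, &msg, tosend); /* old, line 470: size - tosend leaks */
    return sk.charged;
}
```

With a 1000-byte message and apply_bytes = 100, the old paths leave 900 bytes charged after a failed redirect or a drop, which is exactly the (msg->sg.size - apply_bytes) the summary describes; the fixed paths leave 0 in every case.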
Impacted products
Vendor   Product   Version
Linux    Linux     Version: 604326b41a6fb9b4a78b6179335decee0365cd8c (git; the seven affected ranges listed in the record below all start at this commit)
Linux    Linux     Version: 4.20


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_bpf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "905d82e6e77d16ec3e089c92b7b59a14899dfc1a",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "dbedc7e142df5ea238a46fdd7462c1c42cd36a10",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "0d6cd1151e26fc7c2d5daa85e8984aaa685a1a12",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "456f08d24afa51b5eb816c42e4ca1c44a247bd42",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "206d56f41a1509cadd06e2178c26cb830e45057d",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "5c9e3bb43a354a2245caebbbbb4a5b8c034fdd56",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "ca70b8baf2bd125b2a4d96e76db79375c07d7ff2",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_bpf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n  bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n  miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417   tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448                             msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456   int free = sk_msg_free_nocharge(sk, msg);\n458   if (!cork)\n459     *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488   sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS:  0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-20T06:24:33.356Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/905d82e6e77d16ec3e089c92b7b59a14899dfc1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbedc7e142df5ea238a46fdd7462c1c42cd36a10"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d6cd1151e26fc7c2d5daa85e8984aaa685a1a12"
        },
        {
          "url": "https://git.kernel.org/stable/c/456f08d24afa51b5eb816c42e4ca1c44a247bd42"
        },
        {
          "url": "https://git.kernel.org/stable/c/206d56f41a1509cadd06e2178c26cb830e45057d"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c9e3bb43a354a2245caebbbbb4a5b8c034fdd56"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca70b8baf2bd125b2a4d96e76db79375c07d7ff2"
        }
      ],
      "title": "tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56633",
    "datePublished": "2024-12-27T15:02:31.273Z",
    "dateReserved": "2024-12-27T15:00:39.838Z",
    "dateUpdated": "2025-01-20T06:24:33.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-56633\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-27T15:15:22.933\",\"lastModified\":\"2024-12-27T15:15:22.933\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\\n\\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\\n\\nPotential problems with this strategy are as follows:\\n\\n- If the actual sent bytes are smaller than tosend, we need to charge some\\n  bytes back, as in line 487, which is okay but seems not clean.\\n\\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\\n  miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\\n\\n[...]\\n415 tosend = msg-\u003esg.size;\\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\\n417   tosend = psock-\u003eapply_bytes;\\n[...]\\n443 sk_msg_return(sk, msg, tosend);\\n444 release_sock(sk);\\n446 origsize = msg-\u003esg.size;\\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\\n448                             msg, tosend, flags);\\n449 sent = origsize - msg-\u003esg.size;\\n[...]\\n454 lock_sock(sk);\\n455 if (unlikely(ret \u003c 0)) {\\n456   int free = sk_msg_free_nocharge(sk, msg);\\n458   if (!cork)\\n459     *copied -= free;\\n460 }\\n[...]\\n487 if (eval == __SK_REDIRECT)\\n488   sk_mem_charge(sk, tosend - sent);\\n[...]\\n\\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\\nthe following warning will be reported:\\n\\n------------[ cut here ]------------\\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\\nModules linked in:\\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\\nWorkqueue: events sk_psock_destroy\\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\\nFS:  0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nPKRU: 55555554\\nCall Trace:\\n\u003cTASK\u003e\\n? __warn+0x89/0x130\\n? inet_sock_destruct+0x190/0x1a0\\n? report_bug+0xfc/0x1e0\\n? handle_bug+0x5c/0xa0\\n? exc_invalid_op+0x17/0x70\\n? asm_exc_invalid_op+0x1a/0x20\\n? inet_sock_destruct+0x190/0x1a0\\n__sk_destruct+0x25/0x220\\nsk_psock_destroy+0x2b2/0x310\\nprocess_scheduled_works+0xa3/0x3e0\\nworker_thread+0x117/0x240\\n? __pfx_worker_thread+0x10/0x10\\nkthread+0xcf/0x100\\n? __pfx_kthread+0x10/0x10\\nret_from_fork+0x31/0x40\\n? __pfx_kthread+0x10/0x10\\nret_from_fork_asm+0x1a/0x30\\n\u003c/TASK\u003e\\n---[ end trace 0000000000000000 ]---\\n\\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\\ninvoke sk_msg_free.\\n\\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\\nwarning will be reported in selftest.\\n\\n[...]\\n468 case __SK_DROP:\\n469 default:\\n470 sk_msg_free_partial(sk, msg, tosend);\\n471 sk_msg_apply_bytes(psock, tosend);\\n472 *copied -= (tosend + delta);\\n473 return -EACCES;\\n[...]\\n\\nSo instead of sk_msg_free_partial we can do sk_msg_free here.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0d6cd1151e26fc7c2d5daa85e8984aaa685a1a12\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/206d56f41a1509cadd06e2178c26cb830e45057d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/456f08d24afa51b5eb816c42e4ca1c44a247bd42\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5c9e3bb43a354a2245caebbbbb4a5b8c034fdd56\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/905d82e6e77d16ec3e089c92b7b59a14899dfc1a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ca70b8baf2bd125b2a4d96e76db79375c07d7ff2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dbedc7e142df5ea238a46fdd7462c1c42cd36a10\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

