rhsa-2013_0579
Vulnerability from csaf_redhat
Published
2013-02-28 18:40
Modified
2024-11-22 06:38
Summary
Red Hat Security Advisory: rhev-hypervisor6 security, bug fix, and enhancement update
Notes
Topic
An updated rhev-hypervisor6 package that fixes three security issues,
various bugs, and adds an enhancement is now available.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.
A flaw was found in the way the vhost kernel module handled descriptors
that spanned multiple regions. A privileged guest user could use this flaw
to crash the host or, potentially, escalate their privileges on the host.
(CVE-2013-0311)
It was found that the default SCSI command filter does not accommodate
commands that overlap across device classes. A privileged guest user could
potentially use this flaw to write arbitrary data to a LUN that is
passed-through as read-only. (CVE-2012-4542)
It was discovered that dnsmasq, when used in combination with certain
libvirtd configurations, could incorrectly process network packets from
network interfaces that were intended to be prohibited. A remote,
unauthenticated attacker could exploit this flaw to cause a denial of
service via DNS amplification attacks. (CVE-2012-3411)
The CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat.
This updated package provides updated components that include fixes for
several security issues. These issues had no security impact on Red Hat
Enterprise Virtualization Hypervisor itself, however. The security fixes
included in this update address the following CVE numbers:
CVE-2012-3955 (dhcp issue)
CVE-2011-4355 (gdb issue)
CVE-2012-4508, CVE-2013-0190, CVE-2013-0309, and CVE-2013-0310 (kernel
issues)
CVE-2012-5536 (openssh issue)
CVE-2011-3148 and CVE-2011-3149 (pam issues)
CVE-2013-0157 (util-linux-ng issue)
This updated Red Hat Enterprise Virtualization Hypervisor package also
fixes the following bugs:
* Previously, the Administration Portal would always display the option to
upgrade the Red Hat Enterprise Virtualization Hypervisor ISO regardless of
whether or not the selected host was up-to-date. Now, the VDSM version
compatibility is considered and the upgrade message only displays if there
is an upgrade relevant to the host available. (BZ#853092)
* An out of date version of libvirt was included in the Red Hat Enterprise
Virtualization Hypervisor 6.4 package. As a result, virtual machines with
supported CPU models were not being properly parsed by libvirt and failed
to start. A more recent version of libvirt has been included in this
updated hypervisor package. Virtual machines now start normally.
(BZ#895078)
As well, this update adds the following enhancement:
* Hypervisor packages now take advantage of the installonlypkg function
provided by yum. This allows for multiple versions of the hypervisor
package to be installed on a system concurrently without making changes to
the yum configuration as was previously required. (BZ#863579)
This update includes the ovirt-node build from RHBA-2013:0556:
https://rhn.redhat.com/errata/RHBA-2013-0556.html
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which fixes these issues and adds this
enhancement.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated rhev-hypervisor6 package that fixes three security issues,\nvarious bugs, and adds an enhancement is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way the vhost kernel module handled descriptors\nthat spanned multiple regions. A privileged guest user could use this flaw\nto crash the host or, potentially, escalate their privileges on the host.\n(CVE-2013-0311)\n\nIt was found that the default SCSI command filter does not accommodate\ncommands that overlap across device classes. A privileged guest user could\npotentially use this flaw to write arbitrary data to a LUN that is\npassed-through as read-only. (CVE-2012-4542)\n\nIt was discovered that dnsmasq, when used in combination with certain\nlibvirtd configurations, could incorrectly process network packets from\nnetwork interfaces that were intended to be prohibited. A remote,\nunauthenticated attacker could exploit this flaw to cause a denial of\nservice via DNS amplification attacks. (CVE-2012-3411)\n\nThe CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat.\n\nThis updated package provides updated components that include fixes for\nseveral security issues. These issues had no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2012-3955 (dhcp issue)\n\nCVE-2011-4355 (gdb issue)\n\nCVE-2012-4508, CVE-2013-0190, CVE-2013-0309, and CVE-2013-0310 (kernel\nissues)\n\nCVE-2012-5536 (openssh issue)\n\nCVE-2011-3148 and CVE-2011-3149 (pam issues)\n\nCVE-2013-0157 (util-linux-ng issue)\n\nThis updated Red Hat Enterprise Virtualization Hypervisor package also\nfixes the following bugs:\n\n* Previously, the Administration Portal would always display the option to\nupgrade the Red Hat Enterprise Virtualization Hypervisor ISO regardless of\nwhether or not the selected host was up-to-date. Now, the VDSM version\ncompatibility is considered and the upgrade message only displays if there\nis an upgrade relevant to the host available. (BZ#853092)\n\n* An out of date version of libvirt was included in the Red Hat Enterprise\nVirtualization Hypervisor 6.4 package. As a result, virtual machines with\nsupported CPU models were not being properly parsed by libvirt and failed\nto start. A more recent version of libvirt has been included in this\nupdated hypervisor package. Virtual machines now start normally.\n(BZ#895078)\n\nAs well, this update adds the following enhancement:\n\n* Hypervisor packages now take advantage of the installonlypkg function\nprovided by yum. This allows for multiple versions of the hypervisor\npackage to be installed on a system concurrently without making changes to\nthe yum configuration as was previously required. (BZ#863579)\n\nThis update includes the ovirt-node build from RHBA-2013:0556:\n\n https://rhn.redhat.com/errata/RHBA-2013-0556.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues and adds this\nenhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0579",
"url": "https://access.redhat.com/errata/RHSA-2013:0579"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHBA-2013-0556.html",
"url": "https://rhn.redhat.com/errata/RHBA-2013-0556.html"
},
{
"category": "external",
"summary": "https://access.redhat.com/knowledge/articles/11258",
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"category": "external",
"summary": "https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"url": "https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html"
},
{
"category": "external",
"summary": "833033",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833033"
},
{
"category": "external",
"summary": "835162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=835162"
},
{
"category": "external",
"summary": "853092",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=853092"
},
{
"category": "external",
"summary": "863579",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=863579"
},
{
"category": "external",
"summary": "875360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875360"
},
{
"category": "external",
"summary": "912905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912905"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0579.json"
}
],
"title": "Red Hat Security Advisory: rhev-hypervisor6 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T06:38:29+00:00",
"generator": {
"date": "2024-11-22T06:38:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0579",
"initial_release_date": "2013-02-28T18:40:00+00:00",
"revision_history": [
{
"date": "2013-02-28T18:40:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-02-28T18:55:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:38:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEV Hypervisor for RHEL-6",
"product": {
"name": "RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhev-hypervisor6-0:6.4-20130221.0.el6.noarch",
"product": {
"name": "rhev-hypervisor6-0:6.4-20130221.0.el6.noarch",
"product_id": "rhev-hypervisor6-0:6.4-20130221.0.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhev-hypervisor6@6.4-20130221.0.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhev-hypervisor6-0:6.4-20130221.0.el6.noarch as a component of RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130221.0.el6.noarch"
},
"product_reference": "rhev-hypervisor6-0:6.4-20130221.0.el6.noarch",
"relates_to_product_reference": "6Server-RHEV-Hypervisor"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-3411",
"discovery_date": "2012-06-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "833033"
}
],
"notes": [
{
"category": "description",
"text": "Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130221.0.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-3411"
},
{
"category": "external",
"summary": "RHBZ#833033",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833033"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-3411",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3411"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3411",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3411"
}
],
"release_date": "2012-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-02-28T18:40:00+00:00",
"details": "This update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization\nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130221.0.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0579"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130221.0.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks"
},
{
"acknowledgments": [
{
"names": [
"Paolo Bonzini"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2012-4542",
"discovery_date": "2012-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "875360"
}
],
"notes": [
{
"category": "description",
"text": "block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: block: default SCSI command filter does not accomodate commands overlap across device classes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. Due to the lack of upstream patches and the Moderate impact, we are not planning to address this issue in Red Hat Enterprise Linux 7.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130221.0.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4542"
},
{
"category": "external",
"summary": "RHBZ#875360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875360"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4542",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4542"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4542",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4542"
}
],
"release_date": "2013-01-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-02-28T18:40:00+00:00",
"details": "This update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization\nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130221.0.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0579"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130221.0.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: block: default SCSI command filter does not accomodate commands overlap across device classes"
},
{
"cve": "CVE-2013-0311",
"discovery_date": "2013-02-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "912905"
}
],
"notes": [
{
"category": "description",
"text": "The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: vhost: fix length for cross region descriptor",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6.\n\nThis issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130221.0.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0311"
},
{
"category": "external",
"summary": "RHBZ#912905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=912905"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0311",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0311"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0311",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0311"
}
],
"release_date": "2013-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-02-28T18:40:00+00:00",
"details": "This update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization\nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130221.0.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0579"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130221.0.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: vhost: fix length for cross region descriptor"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.