CVE-2024-42102
Vulnerability from cvelistv5
Published
2024-07-30 07:45
Modified
2024-12-19 09:12
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ecPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1aPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9dPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ecPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1aPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9dPatch
Impacted products
Vendor Product Version
Linux Linux Version: 6.8
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:54:32.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42102",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:59.274407Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:59.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/page-writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "253f9ea7e8e53a5176bd80ceb174907b10724c1a",
              "status": "affected",
              "version": "c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e",
              "versionType": "git"
            },
            {
              "lessThan": "23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807",
              "status": "affected",
              "version": "1f12e4b3284d6c863f272eb2de0d4248ed211cf4",
              "versionType": "git"
            },
            {
              "lessThan": "145faa3d03688cbb7bbaaecbd84c01539852942c",
              "status": "affected",
              "version": "81e7d2530d458548b90a5c5e76b77ad5e5d1c0df",
              "versionType": "git"
            },
            {
              "lessThan": "2820005edae13b140f2d54267d1bd6bb23915f59",
              "status": "affected",
              "version": "5099871b370335809c0fd1abad74d9c7c205d43f",
              "versionType": "git"
            },
            {
              "lessThan": "cbbe17a324437c0ff99881a3ee453da45b228a00",
              "status": "affected",
              "version": "16b1025eaa8fc223ab4273ece20d1c3a4211a95d",
              "versionType": "git"
            },
            {
              "lessThan": "f6620df12cb6bdcad671d269debbb23573502f9d",
              "status": "affected",
              "version": "ec18ec230301583395576915d274b407743d8f6c",
              "versionType": "git"
            },
            {
              "lessThan": "000099d71648504fb9c7a4616f92c2b70c3e44ec",
              "status": "affected",
              "version": "9319b647902cbd5cc884ac08a8a6d54ce111fc78",
              "versionType": "git"
            },
            {
              "lessThan": "30139c702048f1097342a31302cbd3d478f50c63",
              "status": "affected",
              "version": "9319b647902cbd5cc884ac08a8a6d54ce111fc78",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/page-writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\n\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\n\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits.  This patch series makes sure this is true (see patch 2/2 for\nmore details).\n\n\nThis patch (of 2):\n\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\n\nThe commit is broken in several ways.  Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh \u003e= 1\u003c\u003c32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this).  Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs.  We have\ndiv64_ul() in case we want to be safe \u0026 cheap.  Thirdly, if dirty\nthresholds are larger than 1\u003c\u003c32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:12:47.256Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807"
        },
        {
          "url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c"
        },
        {
          "url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d"
        },
        {
          "url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63"
        }
      ],
      "title": "Revert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42102",
    "datePublished": "2024-07-30T07:45:58.423Z",
    "dateReserved": "2024-07-29T15:50:41.174Z",
    "dateUpdated": "2024-12-19T09:12:47.256Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-42102\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-30T08:15:02.733\",\"lastModified\":\"2024-11-21T09:33:36.267\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRevert \\\"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\\\"\\n\\nPatch series \\\"mm: Avoid possible overflows in dirty throttling\\\".\\n\\nDirty throttling logic assumes dirty limits in page units fit into\\n32-bits.  This patch series makes sure this is true (see patch 2/2 for\\nmore details).\\n\\n\\nThis patch (of 2):\\n\\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\\n\\nThe commit is broken in several ways.  Firstly, the removed (u64) cast\\nfrom the multiplication will introduce a multiplication overflow on 32-bit\\narchs if wb_thresh * bg_thresh \u003e= 1\u003c\u003c32 (which is actually common - the\\ndefault settings with 4GB of RAM will trigger this).  Secondly, the\\ndiv64_u64() is unnecessarily expensive on 32-bit archs.  We have\\ndiv64_ul() in case we want to be safe \u0026 cheap.  Thirdly, if dirty\\nthresholds are larger than 1\u003c\u003c32 pages, then dirty balancing is going to\\nblow up in many other spectacular ways anyway so trying to fix one\\npossible overflow is just moot.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \\\"mm/writeback: corrige la posible divisi\u00f3n por cero en wb_dirty_limits(), nuevamente\\\" Patch series \\\"mm: evita posibles desbordamientos en la aceleraci\u00f3n sucia\\\". La l\u00f3gica de limitaci\u00f3n sucia supone que los l\u00edmites sucios en las unidades de p\u00e1ginas caben en 32 bits. Esta serie de parches garantiza que esto sea cierto (consulte el parche 2/2 para obtener m\u00e1s detalles). Este parche (de 2): esto revierte la confirmaci\u00f3n 9319b647902cbd5cc884ac08a8a6d54ce111fc78. El compromiso se rompe de varias maneras. En primer lugar, la conversi\u00f3n eliminada (u64) de la multiplicaci\u00f3n introducir\u00e1 un desbordamiento de multiplicaci\u00f3n en arcos de 32 bits si wb_thresh * bg_thresh \u0026gt;= 1\u0026lt;\u0026lt;32 (lo cual es realmente com\u00fan; la configuraci\u00f3n predeterminada con 4 GB de RAM activar\u00e1 esto). En segundo lugar, div64_u64() es innecesariamente caro en arcos de 32 bits. Tenemos div64_ul() en caso de que queramos ser seguros y econ\u00f3micos. En tercer lugar, si los umbrales sucios son mayores que 1\u0026lt;\u0026lt;32 p\u00e1ginas, entonces el equilibrio sucio explotar\u00e1 de muchas otras maneras espectaculares de todos modos, por lo que intentar solucionar un posible desbordamiento es discutible.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-369\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.307\",\"versionEndExcluding\":\"4.19.318\",\"matchCriteriaId\":\"AC87CBCC-3003-46A2-A52F-5CCE1E460E3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.269\",\"versionEndExcluding\":\"5.4.280\",\"matchCriteriaId\":\"293D6C3D-DC96-4828-BE63-8D51E25BE21C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.210\",\"versionEndExcluding\":\"5.10.222\",\"matchCriteriaId\":\"3D7FDA64-0DC4-4B41-B50A-574D2D1FA12D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.149\",\"versionEndExcluding\":\"5.15.163\",\"matchCriteriaId\":\"0720413E-F29A-4C0A-9B57-5158A778C4A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.79\",\"versionEndExcluding\":\"6.1.98\",\"matchCriteriaId\":\"56BF47BE-6357-4916-8FB6-5EB3BF21A96E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6.18\",\"versionEndExcluding\":\"6.6.39\",\"matchCriteriaId\":\"B702CA29-94C0-4076-8DE7-5041233C96A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.9.9\",\"matchCriteriaId\":\"5726EB4D-ED18-4DEC-B0C0-A525D33487E1\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.