cve-2024-45025
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes. What it does is copying enough words (BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest. That works fine, *if* all bits past the cutoff point are clear. Otherwise we are risking garbage from the last word we'd copied. For most of the callers that is true - expand_fdtable() has count equal to old->max_fds, so there's no open descriptors past count, let alone fully occupied words in ->open_fds[], which is what bits in ->full_fds_bits[] correspond to. The other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds), which is the smallest multiple of BITS_PER_LONG that covers all opened descriptors below max_fds. In the common case (copying on fork()) max_fds is ~0U, so all opened descriptors will be below it and we are fine, by the same reasons why the call in expand_fdtable() is safe. Unfortunately, there is a case where max_fds is less than that and where we might, indeed, end up with junk in ->full_fds_bits[] - close_range(from, to, CLOSE_RANGE_UNSHARE) with * descriptor table being currently shared * 'to' being above the current capacity of descriptor table * 'from' being just under some chunk of opened descriptors. In that case we end up with observably wrong behaviour - e.g. spawn a child with CLONE_FILES, get all descriptors in range 0..127 open, then close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending up with descriptor #128, despite #64 being observably not open. The minimally invasive fix would be to deal with that in dup_fd(). If this proves to add measurable overhead, we can go that way, but let's try to fix copy_fd_bitmaps() first. * new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size). * make copy_fd_bitmaps() take the bitmap size in words, rather than bits; it's 'count' argument is always a multiple of BITS_PER_LONG, so we are not losing any information, and that way we can use the same helper for all three bitmaps - compiler will see that count is a multiple of BITS_PER_LONG for the large ones, so it'll generate plain memcpy()+memset(). Reproducer added to tools/testing/selftests/core/close_range_test.c
Impacted products
Vendor Product Version
Linux Linux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45025",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:46:55.387258Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:47:10.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/file.c",
            "include/linux/bitmap.h",
            "tools/testing/selftests/core/close_range_test.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ee501f827f3db02d4e599afbbc1a7f8b792d05d7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e807487a1d5fd5d941f26578ae826ca815dbfcd6",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fe5bf14881701119aeeda7cf685f3c226c7380df",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "5053581fe5dfb09b58c65dd8462bf5dea71f41ff",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8cad3b2b3ab81ca55f37405ffd1315bcc2948058",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c69d18f0ac7060de724511537810f10f29a27958",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9a2fa1472083580b6c66bdaf291f591e1170123a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/file.c",
            "include/linux/bitmap.h",
            "tools/testing/selftests/core/close_range_test.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old-\u003efull_fds_bits[] and fill\nthe rest with zeroes.  What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear.  Otherwise we are risking garbage from the last word\nwe\u0027d copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old-\u003emax_fds, so there\u0027s no open descriptors\npast count, let alone fully occupied words in -\u003eopen_fds[],\nwhich is what bits in -\u003efull_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds.  In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in -\u003efull_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* \u0027to\u0027 being above the current capacity of descriptor table\n\t* \u0027from\u0027 being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet\u0027s try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it\u0027s \u0027count\u0027 argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it\u0027ll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:20:27.970Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df"
        },
        {
          "url": "https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a"
        }
      ],
      "title": "fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45025",
    "datePublished": "2024-09-11T15:13:57.732Z",
    "dateReserved": "2024-08-21T05:34:56.684Z",
    "dateUpdated": "2024-12-19T09:20:27.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45025\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-09-11T16:15:07.440\",\"lastModified\":\"2024-09-13T16:30:07.073\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\\n\\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\\ncount/BITS_PER_LONG bits from old-\u003efull_fds_bits[] and fill\\nthe rest with zeroes.  What it does is copying enough words\\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\\nThat works fine, *if* all bits past the cutoff point are\\nclear.  Otherwise we are risking garbage from the last word\\nwe\u0027d copied.\\n\\nFor most of the callers that is true - expand_fdtable() has\\ncount equal to old-\u003emax_fds, so there\u0027s no open descriptors\\npast count, let alone fully occupied words in -\u003eopen_fds[],\\nwhich is what bits in -\u003efull_fds_bits[] correspond to.\\n\\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\\nwhich is the smallest multiple of BITS_PER_LONG that covers all\\nopened descriptors below max_fds.  In the common case (copying on\\nfork()) max_fds is ~0U, so all opened descriptors will be below\\nit and we are fine, by the same reasons why the call in expand_fdtable()\\nis safe.\\n\\nUnfortunately, there is a case where max_fds is less than that\\nand where we might, indeed, end up with junk in -\u003efull_fds_bits[] -\\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\\n\\t* descriptor table being currently shared\\n\\t* \u0027to\u0027 being above the current capacity of descriptor table\\n\\t* \u0027from\u0027 being just under some chunk of opened descriptors.\\nIn that case we end up with observably wrong behaviour - e.g. spawn\\na child with CLONE_FILES, get all descriptors in range 0..127 open,\\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\\nup with descriptor #128, despite #64 being observably not open.\\n\\nThe minimally invasive fix would be to deal with that in dup_fd().\\nIf this proves to add measurable overhead, we can go that way, but\\nlet\u0027s try to fix copy_fd_bitmaps() first.\\n\\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\\nbits; it\u0027s \u0027count\u0027 argument is always a multiple of BITS_PER_LONG,\\nso we are not losing any information, and that way we can use the\\nsame helper for all three bitmaps - compiler will see that count\\nis a multiple of BITS_PER_LONG for the large ones, so it\u0027ll generate\\nplain memcpy()+memset().\\n\\nReproducer added to tools/testing/selftests/core/close_range_test.c\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: se corrige la corrupci\u00f3n de mapas de bits en close_range() con CLOSE_RANGE_UNSHARE Se espera que copy_fd_bitmaps(new, old, count) copie los primeros bits count/BITS_PER_LONG de old-\u0026gt;full_fds_bits[] y rellene el resto con ceros. Lo que hace es copiar suficientes palabras (BITS_TO_LONGS(count/BITS_PER_LONG)), luego memsets el resto. Eso funciona bien, *si* todos los bits m\u00e1s all\u00e1 del punto de corte est\u00e1n limpios. De lo contrario, corremos el riesgo de basura de la \u00faltima palabra que hab\u00edamos copiado. Para la mayor\u00eda de los llamadores, esto es cierto: expand_fdtable() tiene count igual a old-\u0026gt;max_fds, por lo que no hay descriptores abiertos m\u00e1s all\u00e1 de count, y mucho menos palabras completamente ocupadas en -\u0026gt;open_fds[], que es a lo que corresponden los bits en -\u0026gt;full_fds_bits[]. El otro llamador (dup_fd()) pasa sane_fdtable_size(old_fdt, max_fds), que es el m\u00faltiplo m\u00e1s peque\u00f1o de BITS_PER_LONG que cubre todos los descriptores abiertos por debajo de max_fds. En el caso com\u00fan (copiar en fork()) max_fds es ~0U, por lo que todos los descriptores abiertos estar\u00e1n por debajo de \u00e9l y estamos bien, por las mismas razones por las que la llamada en expand_fdtable() es segura. Desafortunadamente, hay un caso en el que max_fds es menor que eso y en el que, de hecho, podr\u00edamos terminar con basura en -\u0026gt;full_fds_bits[] - close_range(from, to, CLOSE_RANGE_UNSHARE) con * tabla de descriptores que se comparte actualmente * \u0027to\u0027 est\u00e1 por encima de la capacidad actual de la tabla de descriptores * \u0027from\u0027 est\u00e1 justo debajo de alg\u00fan trozo de descriptores abiertos. En ese caso, terminamos con un comportamiento observablemente incorrecto, por ejemplo, generar un hijo con CLONE_FILES, obtener todos los descriptores en el rango 0..127 abiertos, luego close_range(64, ~0U, CLOSE_RANGE_UNSHARE) y ver que dup(0) termina con el descriptor #128, a pesar de que #64 no est\u00e1 abierta observablemente. La soluci\u00f3n m\u00ednimamente invasiva ser\u00eda lidiar con eso en dup_fd(). Si esto demuestra agregar una sobrecarga medible, podemos ir por ese camino, pero intentemos arreglar copy_fd_bitmaps() primero. * nuevo ayudante: bitmap_copy_and_expand(to, from, bits_to_copy, size). * hacer que copy_fd_bitmaps() tome el tama\u00f1o del mapa de bits en palabras, en lugar de bits; Su argumento \u0027count\u0027 es siempre un m\u00faltiplo de BITS_PER_LONG, por lo que no perdemos ninguna informaci\u00f3n y de esa manera podemos usar el mismo asistente para los tres mapas de bits: el compilador ver\u00e1 que count es un m\u00faltiplo de BITS_PER_LONG para los grandes, por lo que generar\u00e1 memcpy()+memset() simple. Se agreg\u00f3 el reproductor a tools/testing/selftests/core/close_range_test.c\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.19.321\",\"matchCriteriaId\":\"5131A29D-7B39-48FD-A512-B4599B486AB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.283\",\"matchCriteriaId\":\"8E6B390A-0CE6-44FC-8CD5-BE8226D6D24C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.225\",\"matchCriteriaId\":\"C57B46A9-B105-4792-8481-1870DEFB436A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.166\",\"matchCriteriaId\":\"913ED6CD-8ACF-48AF-AA18-7880881DD402\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.107\",\"matchCriteriaId\":\"53954FF8-CB48-4302-BC4C-9DA7A88F44A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.48\",\"matchCriteriaId\":\"9DE9201A-CE6B-4726-BABB-8265EA0F8AE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.10.7\",\"matchCriteriaId\":\"D2AFDFD1-D95A-4EB7-843B-5E7659518B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3CE743-2126-47A3-8B7C-822B502CF119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEB27E7-30AA-45CC-8934-B89263EF3551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0005AEF-856E-47EB-BFE4-90C46899394D\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.