Security Data / SECDATA-11

Back-and-forth description updates

    • Type: Story
    • Resolution: Done

Over the past few weeks we have been seeing an increase in cases where CVE descriptions seem to change from A to B, then back to A, and sometimes going on multiple times.

Today, for example, we saw CVE-2021-4192 have the description:

DOCUMENTATION: It was found that vim was vulnerable to User After Free in win_linetabsize(). Opened using vim, a specially crafted file could crash the vim process, or possibly lead to other undefined behaviors.

then change to

DOCUMENTATION: It was found that vim was vulnerable to use-after-free flaw in win_linetabsize(). Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors.

then back to the first, and then back to the second (and we had similar churn for this CVE yesterday).

Similarly, on 01/31, for CVE-2022-22817, we went back and forth multiple times between the following descriptions:

DOCUMENTATION: A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, which can lead to a Command Injection. This flaw allows an attacker to externally-influenced input commands that could modify the intended command.

DOCUMENTATION: It was found that vim was vulnerable to User After Free in win_linetabsize(). Opened using vim, a specially crafted file could crash the vim process, or possibly lead to other undefined behaviors.

STATEMENT: Red Hat Quay ships a vulnerable version of Pillow as a dependency of xhtml2pdf. The xhtml2pdf package is used in the invoice generation feature of quay, however the vulnerable ImageMath module is not used by xhtml2pdf. Therefore impact for Quay is rated Low.

We are pulling all our data from the OVAL feed (https://www.redhat.com/security/data/oval/v2/), and specifically for base RHEL unpatched (e.g. https://www.redhat.com/security/data/oval/v2/RHEL8/rhel-8-including-unpatched.oval.xml.bz2).

rhn-support-jshepher Jason Shepherd
sherzberg Steven Herzberg (Inactive)
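One way a feed consumer can detect the churn described in this report from the data itself, as an added example that is not part of the original issue or of Red Hat's tooling: the script below parses successive OVAL v2 snapshots, keeps a per-CVE description history, and flags CVEs whose description returns to an earlier value. The OVAL namespace is the standard oval-definitions-5 one; the snapshot fragments, definition version and the shortened description texts are constructed for the example.

```python
"""Detect CVE description churn across successive OVAL v2 feed snapshots.
Added example, not from the SECDATA-11 report; the snapshots are constructed
fragments shaped like the unpatched feed's definitions (only the elements read here)."""
import xml.etree.ElementTree as ET

NS = {"oval": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}


def _snapshot(cve: str, desc: str) -> str:
    """Build one constructed feed snapshot holding a single vulnerability definition."""
    def_id = "oval:com.redhat.cve:def:" + cve[4:].replace("-", "")
    return f"""<oval_definitions xmlns="{NS['oval']}"><definitions>
  <definition class="vulnerability" id="{def_id}" version="1"><metadata>
    <reference ref_id="{cve}" source="CVE" ref_url="https://access.redhat.com/security/cve/{cve}"/>
    <description>{desc}</description>
  </metadata></definition></definitions></oval_definitions>"""


DESC_A = "DOCUMENTATION: It was found that vim was vulnerable to User After Free in win_linetabsize()."
DESC_B = "DOCUMENTATION: It was found that vim was vulnerable to use-after-free flaw in win_linetabsize()."
# Four successive pulls of the feed: A -> B -> A -> B, the pattern the report describes.
SNAPSHOTS = [_snapshot("CVE-2021-4192", d) for d in (DESC_A, DESC_B, DESC_A, DESC_B)]


def cve_descriptions(oval_xml: str) -> dict:
    """Map every CVE referenced by a vulnerability definition to its description text."""
    root = ET.fromstring(oval_xml)
    out = {}
    for d in root.iterfind(".//oval:definition[@class='vulnerability']", NS):
        desc = d.findtext("oval:metadata/oval:description", default="", namespaces=NS).strip()
        for ref in d.iterfind("oval:metadata/oval:reference[@source='CVE']", NS):
            out[ref.get("ref_id")] = desc
    return out


def description_history(snapshots) -> dict:
    """Per CVE, the distinct consecutive descriptions seen across snapshots, oldest first."""
    history = {}
    for xml in snapshots:
        for cve, desc in cve_descriptions(xml).items():
            seq = history.setdefault(cve, [])
            if not seq or seq[-1] != desc:  # record only actual changes
                seq.append(desc)
    return history


def flapping(history: dict, min_changes: int = 2) -> list:
    """CVEs changed at least min_changes times whose text came back to an earlier value."""
    return sorted(cve for cve, seq in history.items()
                  if len(seq) - 1 >= min_changes and len(set(seq)) < len(seq))
```

Running `flapping(description_history(SNAPSHOTS))` on the constructed pulls returns `["CVE-2021-4192"]`; a CVE whose description changed once and stayed changed is not reported.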