Hi Trond and Tao,

I have some questions about CVE-2022-24448 [1]. Its description is:

  An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.

It is fixed by ac795161c936 ("NFSv4: Handle case where the lookup of a directory fails").

When trying to open a regular file with the O_DIRECTORY flag, it always returns -ENOTDIR to userspace rather than a valid file descriptor, because 'do_open' checks the dentry type.

My questions are:

1. Which uninitialized data in the file description is returned from 'nfs_atomic_open'?
2. Where is the uninitialized data used?
3. Which uninitialized data is returned from the server?
4. Is there a PoC reproducer, or how can it be triggered?

[1] https://nvd.nist.gov/vuln/detail/CVE-2022-24448