Hi Xiaosong, I sent the first email on 05.05.2022 to CVE-Request@xxxxxxxxx to require them update the description with the following information. They replied that they will update the information within that day. However, they didn't updated the description and then I sent the second email and they didn't reply me. Do you know any other ways to update the description. "I need to update the CVE description as below: After secondly opening a file with O_ACCMODE|O_DIRECT flags, nfs4_valid_open_stateid() will dereference NULL nfs4_state when lseek(). And its references should be updated as this: https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a " Best, Tao >From: chenxiaosong (A) <chenxiaosong2@xxxxxxxxxx> >Sent: Tuesday, May 31, 2022 8:40 AM >To: Lyu Tao >Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; bjschuma@xxxxxxxxxx; anna@xxxxxxxxxx; Trond Myklebust; liuyongqiang13@xxxxxxxxxx; yi.zhang@xxxxxxxxxx; zhangxiaoxu5@xxxxxxxxxx >Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag > >Hi Tao: > >"NVD Last Modified" date of >[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) is >already updated to 05/12/2022, but the description of the cve is still >wrong, and the hyperlink of [unrelated patch: NFSv4: Handle case where >the lookup of a directory >fails](https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf) >is still shown in the web. > >There is two fix patches of the cve, the web just show one of my patches. > >one patch is already shown in the web: [Revert "NFSv4: Handle the >special Linux file open access >mode"](https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a) > >second patch is not shown in the web: [NFSv4: fix open failure with >O_ACCMODE >flag](https://github.com/torvalds/linux/commit/b243874f6f9568b2daf1a00e9222cacdc15e159c) > >在 2022/5/6 15:40, Lyu Tao 写道: >>> From: chenxiaosong (A) <chenxiaosong2@xxxxxxxxxx> >>> Sent: Thursday, May 5, 2022 4:48 AM >>> To: Lyu Tao >>> Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; bjschuma@xxxxxxxxxx; anna@xxxxxxxxxx; Trond Myklebust; liuyongqiang13@xxxxxxxxxx; yi.zhang@xxxxxxxxxx; zhangxiaoxu5@xxxxxxxxxx >>> Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag >> >>> "NVD Last Modified" date of CVE-2022-24448 is updated as 04/29/2022, but the content of the cve is old. >>> https://nvd.nist.gov/vuln/detail/CVE-2022-24448 >> >> Hi, >> >> Thanks for reaching out. >> >> I've requested to update the CVE description and they replied me that it would be updated yesterday. Maybe the system need some time to reflesh. Let's wait a few more days. >> >> Best, >> Tao. >>
