Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Xiaosong,

I sent the first email on 05.05.2022 to CVE-Request@xxxxxxxxx to require them update the description with the following information. They replied that they will update the information within that day. However, they didn't updated the description and then I sent the second email and they didn't reply me.

Do you know any other ways to update the description.


"I need to update the CVE description as below:
After secondly opening a file with O_ACCMODE|O_DIRECT flags, nfs4_valid_open_stateid() will dereference NULL nfs4_state when lseek().
And its references should be updated as this:
https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a "

Best,
Tao

>From: chenxiaosong (A) <chenxiaosong2@xxxxxxxxxx>
>Sent: Tuesday, May 31, 2022 8:40 AM
>To: Lyu Tao
>Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; bjschuma@xxxxxxxxxx; anna@xxxxxxxxxx; Trond Myklebust; liuyongqiang13@xxxxxxxxxx; yi.zhang@xxxxxxxxxx; zhangxiaoxu5@xxxxxxxxxx
>Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
>    
>Hi Tao:
>
>"NVD Last Modified" date of 
>[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) is 
>already updated to 05/12/2022, but the description of the cve is still 
>wrong, and the hyperlink of [unrelated patch: NFSv4: Handle case where 
>the lookup of a directory 
>fails](https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf)
>is still shown in the web.
>
>There is two fix patches of the cve, the web just show one of my patches.
>
>one patch is already shown in the web: [Revert "NFSv4: Handle the 
>special Linux file open access 
>mode"](https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a)
>
>second patch is not shown in the web: [NFSv4: fix open failure with 
>O_ACCMODE 
>flag](https://github.com/torvalds/linux/commit/b243874f6f9568b2daf1a00e9222cacdc15e159c)
>
>在 2022/5/6 15:40, Lyu Tao 写道:
>>> From: chenxiaosong (A) <chenxiaosong2@xxxxxxxxxx>
>>> Sent: Thursday, May 5, 2022 4:48 AM
>>> To: Lyu Tao
>>> Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; bjschuma@xxxxxxxxxx; anna@xxxxxxxxxx; Trond Myklebust; liuyongqiang13@xxxxxxxxxx; yi.zhang@xxxxxxxxxx; zhangxiaoxu5@xxxxxxxxxx
>>> Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
>>      
>>> "NVD Last Modified" date of CVE-2022-24448 is updated as 04/29/2022, but the content of the cve is old.
>>> https://nvd.nist.gov/vuln/detail/CVE-2022-24448
>>   
>> Hi,
>> 
>> Thanks for reaching out.
>> 
>> I've requested to update the CVE description and they replied me that it would be updated yesterday. Maybe the system need some time to reflesh. Let's wait a few more days.
>> 
>> Best,
>> Tao.
>> 






    



[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux