Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I do not know other ways to update the description, you can try to send email to CVE-Request@xxxxxxxxx again.

在 2022/5/31 16:16, Lyu Tao 写道:
Hi Xiaosong,

I sent the first email on 05.05.2022 to CVE-Request@xxxxxxxxx to require them update the description with the following information. They replied that they will update the information within that day. However, they didn't updated the description and then I sent the second email and they didn't reply me.

Do you know any other ways to update the description.


"I need to update the CVE description as below:
After secondly opening a file with O_ACCMODE|O_DIRECT flags, nfs4_valid_open_stateid() will dereference NULL nfs4_state when lseek().
And its references should be updated as this:
https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a "

Best,
Tao

From: chenxiaosong (A) <chenxiaosong2@xxxxxxxxxx>
Sent: Tuesday, May 31, 2022 8:40 AM
To: Lyu Tao
Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; bjschuma@xxxxxxxxxx; anna@xxxxxxxxxx; Trond Myklebust; liuyongqiang13@xxxxxxxxxx; yi.zhang@xxxxxxxxxx; zhangxiaoxu5@xxxxxxxxxx
Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
Hi Tao:

"NVD Last Modified" date of
[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) is
already updated to 05/12/2022, but the description of the cve is still
wrong, and the hyperlink of [unrelated patch: NFSv4: Handle case where
the lookup of a directory
fails](https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf)
is still shown in the web.

There is two fix patches of the cve, the web just show one of my patches.

one patch is already shown in the web: [Revert "NFSv4: Handle the
special Linux file open access
mode"](https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a)

second patch is not shown in the web: [NFSv4: fix open failure with
O_ACCMODE
flag](https://github.com/torvalds/linux/commit/b243874f6f9568b2daf1a00e9222cacdc15e159c)

在 2022/5/6 15:40, Lyu Tao 写道:
From: chenxiaosong (A) <chenxiaosong2@xxxxxxxxxx>
Sent: Thursday, May 5, 2022 4:48 AM
To: Lyu Tao
Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; bjschuma@xxxxxxxxxx; anna@xxxxxxxxxx; Trond Myklebust; liuyongqiang13@xxxxxxxxxx; yi.zhang@xxxxxxxxxx; zhangxiaoxu5@xxxxxxxxxx
Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
"NVD Last Modified" date of CVE-2022-24448 is updated as 04/29/2022, but the content of the cve is old.
https://nvd.nist.gov/vuln/detail/CVE-2022-24448
Hi,

Thanks for reaching out.

I've requested to update the CVE description and they replied me that it would be updated yesterday. Maybe the system need some time to reflesh. Let's wait a few more days.

Best,
Tao.







     .




[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux