[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-nfs
Subject:    Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
From:       "chenxiaosong (A)" <chenxiaosong2 () huawei ! com>
Date:       2022-05-31 8:47:00
Message-ID: 7e1c6bd7-e97e-7a94-662d-481d94c0d1d9 () huawei ! com
[Download RAW message or body]

I do not know other ways to update the description, you can try to send 
email to CVE-Request@mitre.org again.

在 2022/5/31 16:16, Lyu Tao 写道:
> Hi Xiaosong,
> 
> I sent the first email on 05.05.2022 to CVE-Request@mitre.org to require them \
> update the description with the following information. They replied that they will \
> update the information within that day. However, they didn't updated the \
> description and then I sent the second email and they didn't reply me. 
> Do you know any other ways to update the description.
> 
> 
> "I need to update the CVE description as below:
> After secondly opening a file with O_ACCMODE|O_DIRECT flags, \
> nfs4_valid_open_stateid() will dereference NULL nfs4_state when lseek(). And its \
> references should be updated as this: \
> https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a " \
>  Best,
> Tao
> 
> > From: chenxiaosong (A) <chenxiaosong2@huawei.com>
> > Sent: Tuesday, May 31, 2022 8:40 AM
> > To: Lyu Tao
> > Cc: linux-nfs@vger.kernel.org; linux-kernel@vger.kernel.org; bjschuma@netapp.com; \
> > anna@kernel.org; Trond Myklebust; liuyongqiang13@huawei.com; yi.zhang@huawei.com; \
> >                 zhangxiaoxu5@huawei.com
> > Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
> > 
> > Hi Tao:
> > 
> > "NVD Last Modified" date of
> > [CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) is
> > already updated to 05/12/2022, but the description of the cve is still
> > wrong, and the hyperlink of [unrelated patch: NFSv4: Handle case where
> > the lookup of a directory
> > fails](https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf)
> >  is still shown in the web.
> > 
> > There is two fix patches of the cve, the web just show one of my patches.
> > 
> > one patch is already shown in the web: [Revert "NFSv4: Handle the
> > special Linux file open access
> > mode"](https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a)
> >  
> > second patch is not shown in the web: [NFSv4: fix open failure with
> > O_ACCMODE
> > flag](https://github.com/torvalds/linux/commit/b243874f6f9568b2daf1a00e9222cacdc15e159c)
> >  
> > 在 2022/5/6 15:40, Lyu Tao 写道:
> > > > From: chenxiaosong (A) <chenxiaosong2@huawei.com>
> > > > Sent: Thursday, May 5, 2022 4:48 AM
> > > > To: Lyu Tao
> > > > Cc: linux-nfs@vger.kernel.org; linux-kernel@vger.kernel.org; \
> > > > bjschuma@netapp.com; anna@kernel.org; Trond Myklebust; \
> > > >                 liuyongqiang13@huawei.com; yi.zhang@huawei.com; \
> > > >                 zhangxiaoxu5@huawei.com
> > > > Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
> > > 
> > > > "NVD Last Modified" date of CVE-2022-24448 is updated as 04/29/2022, but the \
> > > > content of the cve is old. https://nvd.nist.gov/vuln/detail/CVE-2022-24448
> > > 
> > > Hi,
> > > 
> > > Thanks for reaching out.
> > > 
> > > I've requested to update the CVE description and they replied me that it would \
> > > be updated yesterday. Maybe the system need some time to reflesh. Let's wait a \
> > > few more days. 
> > > Best,
> > > Tao.
> > > 
> 
> 
> 
> 
> 
> 
> .
> 


[prev in list] [next in list] [prev in thread] [next in thread]