From: Lyu Tao <tao.lyu@epfl.ch>
To: "chenxiaosong (A)" <chenxiaosong2@huawei.com>
Cc: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"bjschuma@netapp.com" <bjschuma@netapp.com>,
"anna@kernel.org" <anna@kernel.org>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
"liuyongqiang13@huawei.com" <liuyongqiang13@huawei.com>,
"yi.zhang@huawei.com" <yi.zhang@huawei.com>,
"zhangxiaoxu5@huawei.com" <zhangxiaoxu5@huawei.com>
Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
Date: Tue, 31 May 2022 08:16:45 +0000 [thread overview]
Message-ID: <0a0ed6d1f34f49a9b847cb2891876d27@epfl.ch> (raw)
In-Reply-To: <db55c8f7-6a6f-410e-74ca-4040364bd38a@huawei.com>
Hi Xiaosong,
I sent the first email on 05.05.2022 to CVE-Request@mitre.org to require them update the description with the following information. They replied that they will update the information within that day. However, they didn't updated the description and then I sent the second email and they didn't reply me.
Do you know any other ways to update the description.
"I need to update the CVE description as below:
After secondly opening a file with O_ACCMODE|O_DIRECT flags, nfs4_valid_open_stateid() will dereference NULL nfs4_state when lseek().
And its references should be updated as this:
https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a "
Best,
Tao
>From: chenxiaosong (A) <chenxiaosong2@huawei.com>
>Sent: Tuesday, May 31, 2022 8:40 AM
>To: Lyu Tao
>Cc: linux-nfs@vger.kernel.org; linux-kernel@vger.kernel.org; bjschuma@netapp.com; anna@kernel.org; Trond Myklebust; liuyongqiang13@huawei.com; yi.zhang@huawei.com; zhangxiaoxu5@huawei.com
>Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
>
>Hi Tao:
>
>"NVD Last Modified" date of
>[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) is
>already updated to 05/12/2022, but the description of the cve is still
>wrong, and the hyperlink of [unrelated patch: NFSv4: Handle case where
>the lookup of a directory
>fails](https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf)
>is still shown in the web.
>
>There is two fix patches of the cve, the web just show one of my patches.
>
>one patch is already shown in the web: [Revert "NFSv4: Handle the
>special Linux file open access
>mode"](https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a)
>
>second patch is not shown in the web: [NFSv4: fix open failure with
>O_ACCMODE
>flag](https://github.com/torvalds/linux/commit/b243874f6f9568b2daf1a00e9222cacdc15e159c)
>
>在 2022/5/6 15:40, Lyu Tao 写道:
>>> From: chenxiaosong (A) <chenxiaosong2@huawei.com>
>>> Sent: Thursday, May 5, 2022 4:48 AM
>>> To: Lyu Tao
>>> Cc: linux-nfs@vger.kernel.org; linux-kernel@vger.kernel.org; bjschuma@netapp.com; anna@kernel.org; Trond Myklebust; liuyongqiang13@huawei.com; yi.zhang@huawei.com; zhangxiaoxu5@huawei.com
>>> Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
>>
>>> "NVD Last Modified" date of CVE-2022-24448 is updated as 04/29/2022, but the content of the cve is old.
>>> https://nvd.nist.gov/vuln/detail/CVE-2022-24448
>>
>> Hi,
>>
>> Thanks for reaching out.
>>
>> I've requested to update the CVE description and they replied me that it would be updated yesterday. Maybe the system need some time to reflesh. Let's wait a few more days.
>>
>> Best,
>> Tao.
>>
next prev parent reply other threads:[~2022-05-31 8:16 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-29 11:32 [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag ChenXiaoSong
2022-03-29 11:32 ` [PATCH -next 1/2] Revert "NFSv4: Handle the special Linux file open access mode" ChenXiaoSong
2022-03-29 11:32 ` [PATCH -next 2/2] NFSv4: fix open failure with O_ACCMODE flag ChenXiaoSong
2022-03-29 13:05 ` Trond Myklebust
2022-03-29 13:44 ` chenxiaosong (A)
2022-03-29 13:56 ` Trond Myklebust
2022-03-29 14:32 ` [PATCH -next 0/2] fix nfsv4 bugs of opening " chenxiaosong (A)
[not found] ` <e0c2d7ec62b447cabddbc8a9274be955@epfl.ch>
2022-04-13 13:42 ` chenxiaosong (A)
2022-04-13 14:05 ` chenxiaosong (A)
2022-04-13 14:34 ` chenxiaosong (A)
[not found] ` <3ee78045f18b4932b1651de776ee73c4@epfl.ch>
2022-04-13 14:42 ` chenxiaosong (A)
[not found] ` <55415e44b4b04bbfa66c42d5f2788384@epfl.ch>
2022-04-14 2:41 ` chenxiaosong (A)
2022-04-14 7:33 ` Lyu Tao
2022-05-05 2:48 ` chenxiaosong (A)
2022-05-06 7:40 ` Lyu Tao
2022-05-31 6:40 ` chenxiaosong (A)
2022-05-31 8:16 ` Lyu Tao [this message]
2022-05-31 8:47 ` chenxiaosong (A)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0a0ed6d1f34f49a9b847cb2891876d27@epfl.ch \
--to=tao.lyu@epfl.ch \
--cc=anna@kernel.org \
--cc=bjschuma@netapp.com \
--cc=chenxiaosong2@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=liuyongqiang13@huawei.com \
--cc=trond.myklebust@hammerspace.com \
--cc=yi.zhang@huawei.com \
--cc=zhangxiaoxu5@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).