Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag

From: Lyu Tao
Date: Tue May 31 2022 - 04:16:59 EST

Next message: Dietmar Eggemann: "Re: [PATCH v9 6/7] sched/fair: Remove task_util from effective utilization in feec()"
Previous message: Dietmar Eggemann: "Re: [PATCH v9 2/7] sched/fair: Decay task PELT values during wakeup migration"
In reply to: chenxiaosong (A): "Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag"
Next in thread: chenxiaosong (A): "Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Xiaosong,

I sent the first email on 05.05.2022 to CVE-Request@xxxxxxxxx to require them update the description with the following information. They replied that they will update the information within that day. However, they didn't updated the description and then I sent the second email and they didn't reply me.

Do you know any other ways to update the description.

"I need to update the CVE description as below:
After secondly opening a file with O_ACCMODE|O_DIRECT flags, nfs4_valid_open_stateid() will dereference NULL nfs4_state when lseek().
And its references should be updated as this:
https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a "

Best,
Tao

>From: chenxiaosong (A) <chenxiaosong2@xxxxxxxxxx>
>Sent: Tuesday, May 31, 2022 8:40 AM
>To: Lyu Tao
>Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; bjschuma@xxxxxxxxxx; anna@xxxxxxxxxx; Trond Myklebust; liuyongqiang13@xxxxxxxxxx; yi.zhang@xxxxxxxxxx; zhangxiaoxu5@xxxxxxxxxx
>Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
>
>Hi Tao:
>
>"NVD Last Modified" date of
>[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) is
>already updated to 05/12/2022, but the description of the cve is still
>wrong, and the hyperlink of [unrelated patch: NFSv4: Handle case where
>the lookup of a directory
>fails](https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf)
>is still shown in the web.
>
>There is two fix patches of the cve, the web just show one of my patches.
>
>one patch is already shown in the web: [Revert "NFSv4: Handle the
>special Linux file open access
>mode"](https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a)
>
>second patch is not shown in the web: [NFSv4: fix open failure with
>O_ACCMODE
>flag](https://github.com/torvalds/linux/commit/b243874f6f9568b2daf1a00e9222cacdc15e159c)
>
>在 2022/5/6 15:40, Lyu Tao 写道:
>>> From: chenxiaosong (A) <chenxiaosong2@xxxxxxxxxx>
>>> Sent: Thursday, May 5, 2022 4:48 AM
>>> To: Lyu Tao
>>> Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; bjschuma@xxxxxxxxxx; anna@xxxxxxxxxx; Trond Myklebust; liuyongqiang13@xxxxxxxxxx; yi.zhang@xxxxxxxxxx; zhangxiaoxu5@xxxxxxxxxx
>>> Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
>>
>>> "NVD Last Modified" date of CVE-2022-24448 is updated as 04/29/2022, but the content of the cve is old.
>>> https://nvd.nist.gov/vuln/detail/CVE-2022-24448
>>
>> Hi,
>>
>> Thanks for reaching out.
>>
>> I've requested to update the CVE description and they replied me that it would be updated yesterday. Maybe the system need some time to reflesh. Let's wait a few more days.
>>
>> Best,
>> Tao.
>>

Next message: Dietmar Eggemann: "Re: [PATCH v9 6/7] sched/fair: Remove task_util from effective utilization in feec()"
Previous message: Dietmar Eggemann: "Re: [PATCH v9 2/7] sched/fair: Decay task PELT values during wakeup migration"
In reply to: chenxiaosong (A): "Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag"
Next in thread: chenxiaosong (A): "Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]