Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag

From: chenxiaosong (A)
Date: Tue May 31 2022 - 04:47:12 EST

Next message: Roberto Sassu: "RE: [PATCH 1/2] libbpf: Retry map access with read-only permission"
Previous message: Jens Axboe: "Re: [syzbot] UBSAN: array-index-out-of-bounds in io_submit_sqes"
In reply to: Lyu Tao: "Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I do not know other ways to update the description, you can try to send email to CVE-Request@xxxxxxxxx again.

在 2022/5/31 16:16, Lyu Tao 写道:

Hi Xiaosong,

I sent the first email on 05.05.2022 to CVE-Request@xxxxxxxxx to require them update the description with the following information. They replied that they will update the information within that day. However, they didn't updated the description and then I sent the second email and they didn't reply me.

Do you know any other ways to update the description.

"I need to update the CVE description as below:
After secondly opening a file with O_ACCMODE|O_DIRECT flags, nfs4_valid_open_stateid() will dereference NULL nfs4_state when lseek().
And its references should be updated as this:
https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a "

Best,
Tao

From: chenxiaosong (A) <chenxiaosong2@xxxxxxxxxx>
Sent: Tuesday, May 31, 2022 8:40 AM
To: Lyu Tao
Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; bjschuma@xxxxxxxxxx; anna@xxxxxxxxxx; Trond Myklebust; liuyongqiang13@xxxxxxxxxx; yi.zhang@xxxxxxxxxx; zhangxiaoxu5@xxxxxxxxxx
Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
Hi Tao:

"NVD Last Modified" date of
[CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) is
already updated to 05/12/2022, but the description of the cve is still
wrong, and the hyperlink of [unrelated patch: NFSv4: Handle case where
the lookup of a directory
fails](https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf)
is still shown in the web.

There is two fix patches of the cve, the web just show one of my patches.

one patch is already shown in the web: [Revert "NFSv4: Handle the
special Linux file open access
mode"](https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a)

second patch is not shown in the web: [NFSv4: fix open failure with
O_ACCMODE
flag](https://github.com/torvalds/linux/commit/b243874f6f9568b2daf1a00e9222cacdc15e159c)

在 2022/5/6 15:40, Lyu Tao 写道:

From: chenxiaosong (A) <chenxiaosong2@xxxxxxxxxx>
Sent: Thursday, May 5, 2022 4:48 AM
To: Lyu Tao
Cc: linux-nfs@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; bjschuma@xxxxxxxxxx; anna@xxxxxxxxxx; Trond Myklebust; liuyongqiang13@xxxxxxxxxx; yi.zhang@xxxxxxxxxx; zhangxiaoxu5@xxxxxxxxxx
Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag

"NVD Last Modified" date of CVE-2022-24448 is updated as 04/29/2022, but the content of the cve is old.
https://nvd.nist.gov/vuln/detail/CVE-2022-24448

Hi,

Thanks for reaching out.

I've requested to update the CVE description and they replied me that it would be updated yesterday. Maybe the system need some time to reflesh. Let's wait a few more days.

Best,
Tao.

.

Next message: Roberto Sassu: "RE: [PATCH 1/2] libbpf: Retry map access with read-only permission"
Previous message: Jens Axboe: "Re: [syzbot] UBSAN: array-index-out-of-bounds in io_submit_sqes"
In reply to: Lyu Tao: "Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]