From: "chenxiaosong (A)" <chenxiaosong2@huawei.com>
To: Lyu Tao <tao.lyu@epfl.ch>
Cc: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"bjschuma@netapp.com" <bjschuma@netapp.com>,
"anna@kernel.org" <anna@kernel.org>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
"liuyongqiang13@huawei.com" <liuyongqiang13@huawei.com>,
"yi.zhang@huawei.com" <yi.zhang@huawei.com>,
"zhangxiaoxu5@huawei.com" <zhangxiaoxu5@huawei.com>
Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
Date: Tue, 31 May 2022 16:47:00 +0800 [thread overview]
Message-ID: <7e1c6bd7-e97e-7a94-662d-481d94c0d1d9@huawei.com> (raw)
In-Reply-To: <0a0ed6d1f34f49a9b847cb2891876d27@epfl.ch>
I do not know other ways to update the description, you can try to send
email to CVE-Request@mitre.org again.
在 2022/5/31 16:16, Lyu Tao 写道:
> Hi Xiaosong,
>
> I sent the first email on 05.05.2022 to CVE-Request@mitre.org to require them update the description with the following information. They replied that they will update the information within that day. However, they didn't updated the description and then I sent the second email and they didn't reply me.
>
> Do you know any other ways to update the description.
>
>
> "I need to update the CVE description as below:
> After secondly opening a file with O_ACCMODE|O_DIRECT flags, nfs4_valid_open_stateid() will dereference NULL nfs4_state when lseek().
> And its references should be updated as this:
> https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a "
>
> Best,
> Tao
>
>> From: chenxiaosong (A) <chenxiaosong2@huawei.com>
>> Sent: Tuesday, May 31, 2022 8:40 AM
>> To: Lyu Tao
>> Cc: linux-nfs@vger.kernel.org; linux-kernel@vger.kernel.org; bjschuma@netapp.com; anna@kernel.org; Trond Myklebust; liuyongqiang13@huawei.com; yi.zhang@huawei.com; zhangxiaoxu5@huawei.com
>> Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
>>
>> Hi Tao:
>>
>> "NVD Last Modified" date of
>> [CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) is
>> already updated to 05/12/2022, but the description of the cve is still
>> wrong, and the hyperlink of [unrelated patch: NFSv4: Handle case where
>> the lookup of a directory
>> fails](https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf)
>> is still shown in the web.
>>
>> There is two fix patches of the cve, the web just show one of my patches.
>>
>> one patch is already shown in the web: [Revert "NFSv4: Handle the
>> special Linux file open access
>> mode"](https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a)
>>
>> second patch is not shown in the web: [NFSv4: fix open failure with
>> O_ACCMODE
>> flag](https://github.com/torvalds/linux/commit/b243874f6f9568b2daf1a00e9222cacdc15e159c)
>>
>> 在 2022/5/6 15:40, Lyu Tao 写道:
>>>> From: chenxiaosong (A) <chenxiaosong2@huawei.com>
>>>> Sent: Thursday, May 5, 2022 4:48 AM
>>>> To: Lyu Tao
>>>> Cc: linux-nfs@vger.kernel.org; linux-kernel@vger.kernel.org; bjschuma@netapp.com; anna@kernel.org; Trond Myklebust; liuyongqiang13@huawei.com; yi.zhang@huawei.com; zhangxiaoxu5@huawei.com
>>>> Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
>>>
>>>> "NVD Last Modified" date of CVE-2022-24448 is updated as 04/29/2022, but the content of the cve is old.
>>>> https://nvd.nist.gov/vuln/detail/CVE-2022-24448
>>>
>>> Hi,
>>>
>>> Thanks for reaching out.
>>>
>>> I've requested to update the CVE description and they replied me that it would be updated yesterday. Maybe the system need some time to reflesh. Let's wait a few more days.
>>>
>>> Best,
>>> Tao.
>>>
>
>
>
>
>
>
> .
>
prev parent reply other threads:[~2022-05-31 8:47 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-29 11:32 [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag ChenXiaoSong
2022-03-29 11:32 ` [PATCH -next 1/2] Revert "NFSv4: Handle the special Linux file open access mode" ChenXiaoSong
2022-03-29 11:32 ` [PATCH -next 2/2] NFSv4: fix open failure with O_ACCMODE flag ChenXiaoSong
2022-03-29 13:05 ` Trond Myklebust
2022-03-29 13:44 ` chenxiaosong (A)
2022-03-29 13:56 ` Trond Myklebust
2022-03-29 14:32 ` [PATCH -next 0/2] fix nfsv4 bugs of opening " chenxiaosong (A)
[not found] ` <e0c2d7ec62b447cabddbc8a9274be955@epfl.ch>
2022-04-13 13:42 ` chenxiaosong (A)
2022-04-13 14:05 ` chenxiaosong (A)
2022-04-13 14:34 ` chenxiaosong (A)
[not found] ` <3ee78045f18b4932b1651de776ee73c4@epfl.ch>
2022-04-13 14:42 ` chenxiaosong (A)
[not found] ` <55415e44b4b04bbfa66c42d5f2788384@epfl.ch>
2022-04-14 2:41 ` chenxiaosong (A)
2022-04-14 7:33 ` Lyu Tao
2022-05-05 2:48 ` chenxiaosong (A)
2022-05-06 7:40 ` Lyu Tao
2022-05-31 6:40 ` chenxiaosong (A)
2022-05-31 8:16 ` Lyu Tao
2022-05-31 8:47 ` chenxiaosong (A) [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7e1c6bd7-e97e-7a94-662d-481d94c0d1d9@huawei.com \
--to=chenxiaosong2@huawei.com \
--cc=anna@kernel.org \
--cc=bjschuma@netapp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=liuyongqiang13@huawei.com \
--cc=tao.lyu@epfl.ch \
--cc=trond.myklebust@hammerspace.com \
--cc=yi.zhang@huawei.com \
--cc=zhangxiaoxu5@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.