| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 May 2022 16:47:00 +0800
From: "chenxiaosong (A)" <chenxiaosong2@...wei.com>
To: Lyu Tao <tao.lyu@...l.ch>
CC: "linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"bjschuma@...app.com" <bjschuma@...app.com>,
"anna@...nel.org" <anna@...nel.org>,
Trond Myklebust <trond.myklebust@...merspace.com>,
"liuyongqiang13@...wei.com" <liuyongqiang13@...wei.com>,
"yi.zhang@...wei.com" <yi.zhang@...wei.com>,
"zhangxiaoxu5@...wei.com" <zhangxiaoxu5@...wei.com>
Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
I do not know other ways to update the description, you can try to send
email to CVE-Request@...re.org again.
在 2022/5/31 16:16, Lyu Tao 写道:
> Hi Xiaosong,
>
> I sent the first email on 05.05.2022 to CVE-Request@...re.org to require them update the description with the following information. They replied that they will update the information within that day. However, they didn't updated the description and then I sent the second email and they didn't reply me.
>
> Do you know any other ways to update the description.
>
>
> "I need to update the CVE description as below:
> After secondly opening a file with O_ACCMODE|O_DIRECT flags, nfs4_valid_open_stateid() will dereference NULL nfs4_state when lseek().
> And its references should be updated as this:
> https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a "
>
> Best,
> Tao
>
>> From: chenxiaosong (A) <chenxiaosong2@...wei.com>
>> Sent: Tuesday, May 31, 2022 8:40 AM
>> To: Lyu Tao
>> Cc: linux-nfs@...r.kernel.org; linux-kernel@...r.kernel.org; bjschuma@...app.com; anna@...nel.org; Trond Myklebust; liuyongqiang13@...wei.com; yi.zhang@...wei.com; zhangxiaoxu5@...wei.com
>> Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
>>
>> Hi Tao:
>>
>> "NVD Last Modified" date of
>> [CVE-2022-24448](https://nvd.nist.gov/vuln/detail/CVE-2022-24448) is
>> already updated to 05/12/2022, but the description of the cve is still
>> wrong, and the hyperlink of [unrelated patch: NFSv4: Handle case where
>> the lookup of a directory
>> fails](https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf)
>> is still shown in the web.
>>
>> There is two fix patches of the cve, the web just show one of my patches.
>>
>> one patch is already shown in the web: [Revert "NFSv4: Handle the
>> special Linux file open access
>> mode"](https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a)
>>
>> second patch is not shown in the web: [NFSv4: fix open failure with
>> O_ACCMODE
>> flag](https://github.com/torvalds/linux/commit/b243874f6f9568b2daf1a00e9222cacdc15e159c)
>>
>> 在 2022/5/6 15:40, Lyu Tao 写道:
>>>> From: chenxiaosong (A) <chenxiaosong2@...wei.com>
>>>> Sent: Thursday, May 5, 2022 4:48 AM
>>>> To: Lyu Tao
>>>> Cc: linux-nfs@...r.kernel.org; linux-kernel@...r.kernel.org; bjschuma@...app.com; anna@...nel.org; Trond Myklebust; liuyongqiang13@...wei.com; yi.zhang@...wei.com; zhangxiaoxu5@...wei.com
>>>> Subject: Re: [PATCH -next 0/2] fix nfsv4 bugs of opening with O_ACCMODE flag
>>>
>>>> "NVD Last Modified" date of CVE-2022-24448 is updated as 04/29/2022, but the content of the cve is old.
>>>> https://nvd.nist.gov/vuln/detail/CVE-2022-24448
>>>
>>> Hi,
>>>
>>> Thanks for reaching out.
>>>
>>> I've requested to update the CVE description and they replied me that it would be updated yesterday. Maybe the system need some time to reflesh. Let's wait a few more days.
>>>
>>> Best,
>>> Tao.
>>>
>
>
>
>
>
>
> .
>
Powered by blists - more mailing lists