Normally interval is 0 until s_msg_ratelimit_state is initialized, so
___ratelimit() does nothing. But registering sysfs precedes initializing
rs->lock, so it is possible to change rs->interval to a non-zero value
via the msg_ratelimit_interval_ms interface of sysfs while rs->lock is
uninitialized, and then a call to ext4_msg triggers the problem by
accessing an uninitialized rs->lock. Therefore register sysfs after all
initializations are complete to avoid such problems.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
git.kernel.org/linus/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c (6.10-rc1)
git.kernel.org/stable/c/23afcd52af06880c6c913a0ad99022b8937b575c
git.kernel.org/stable/c/645267906944a9aeec9d5c56ee24a9096a288798
git.kernel.org/stable/c/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c
launchpad.net/bugs/cve/CVE-2024-40998
nvd.nist.gov/vuln/detail/CVE-2024-40998
security-tracker.debian.org/tracker/CVE-2024-40998
www.cve.org/CVERecord?id=CVE-2024-40998