VULNERABILITY

Rocky Linux: CVE-2024-40998: kernel (Multiple Advisories)

Try Surface Command Get a continuous 360° view of your attack surface

Back to Search

Rocky Linux: CVE-2024-40998: kernel (Multiple Advisories)

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

07/12/2024

Created

10/03/2024

Added

10/02/2024

Modified

02/20/2025

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() In the following concurrency we will access the uninitialized rs->lock: ext4_fill_super ext4_register_sysfs // sysfs registered msg_ratelimit_interval_ms // Other processes modify rs->interval to // non-zero via msg_ratelimit_interval_ms ext4_orphan_cleanup ext4_msg(sb, KERN_INFO, "Errors on filesystem, " __ext4_msg ___ratelimit(&(EXT4_SB(sb)->s_msg_ratelimit_state) if (!rs->interval) // do nothing if interval is 0 return 1; raw_spin_trylock_irqsave(&rs->lock, flags) raw_spin_trylock(lock) _raw_spin_trylock __raw_spin_trylock spin_acquire(&lock->dep_map, 0, 1, _RET_IP_) lock_acquire __lock_acquire register_lock_class assign_lock_key dump_stack(); ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10); raw_spin_lock_init(&rs->lock); // init rs->lock here and get the following dump_stack: ========================================================= INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. CPU: 12 PID: 753 Comm: mount Tainted: G E 6.7.0-rc6-next-20231222 #504 [...] Call Trace: dump_stack_lvl+0xc5/0x170 dump_stack+0x18/0x30 register_lock_class+0x740/0x7c0 __lock_acquire+0x69/0x13a0 lock_acquire+0x120/0x450 _raw_spin_trylock+0x98/0xd0 ___ratelimit+0xf6/0x220 __ext4_msg+0x7f/0x160 [ext4] ext4_orphan_cleanup+0x665/0x740 [ext4] __ext4_fill_super+0x21ea/0x2b10 [ext4] ext4_fill_super+0x14d/0x360 [ext4] [...] ========================================================= Normally interval is 0 until s_msg_ratelimit_state is initialized, so ___ratelimit() does nothing. But registering sysfs precedes initializing rs->lock, so it is possible to change rs->interval to a non-zero value via the msg_ratelimit_interval_ms interface of sysfs while rs->lock is uninitialized, and then a call to ext4_msg triggers the problem by accessing an uninitialized rs->lock. Therefore register sysfs after all initializations are complete to avoid such problems.

Solution(s)

rocky-upgrade-bpftool
rocky-upgrade-bpftool-debuginfo
rocky-upgrade-kernel
rocky-upgrade-kernel-core
rocky-upgrade-kernel-cross-headers
rocky-upgrade-kernel-debug
rocky-upgrade-kernel-debug-core
rocky-upgrade-kernel-debug-debuginfo
rocky-upgrade-kernel-debug-devel
rocky-upgrade-kernel-debug-devel-matched
rocky-upgrade-kernel-debug-modules
rocky-upgrade-kernel-debug-modules-core
rocky-upgrade-kernel-debug-modules-extra
rocky-upgrade-kernel-debug-uki-virt
rocky-upgrade-kernel-debuginfo
rocky-upgrade-kernel-devel
rocky-upgrade-kernel-devel-matched
rocky-upgrade-kernel-headers
rocky-upgrade-kernel-modules
rocky-upgrade-kernel-modules-core
rocky-upgrade-kernel-modules-extra
rocky-upgrade-kernel-rt
rocky-upgrade-kernel-rt-core
rocky-upgrade-kernel-rt-debug
rocky-upgrade-kernel-rt-debug-core
rocky-upgrade-kernel-rt-debug-debuginfo
rocky-upgrade-kernel-rt-debug-devel
rocky-upgrade-kernel-rt-debug-kvm
rocky-upgrade-kernel-rt-debug-modules
rocky-upgrade-kernel-rt-debug-modules-core
rocky-upgrade-kernel-rt-debug-modules-extra
rocky-upgrade-kernel-rt-debuginfo
rocky-upgrade-kernel-rt-debuginfo-common-x86_64
rocky-upgrade-kernel-rt-devel
rocky-upgrade-kernel-rt-kvm
rocky-upgrade-kernel-rt-modules
rocky-upgrade-kernel-rt-modules-core
rocky-upgrade-kernel-rt-modules-extra
rocky-upgrade-kernel-tools
rocky-upgrade-kernel-tools-debuginfo
rocky-upgrade-kernel-tools-libs
rocky-upgrade-kernel-tools-libs-devel
rocky-upgrade-kernel-uki-virt
rocky-upgrade-kernel-zfcpdump
rocky-upgrade-kernel-zfcpdump-core
rocky-upgrade-kernel-zfcpdump-debuginfo
rocky-upgrade-kernel-zfcpdump-devel
rocky-upgrade-kernel-zfcpdump-devel-matched
rocky-upgrade-kernel-zfcpdump-modules
rocky-upgrade-kernel-zfcpdump-modules-core
rocky-upgrade-kernel-zfcpdump-modules-extra
rocky-upgrade-libperf
rocky-upgrade-libperf-debuginfo
rocky-upgrade-perf
rocky-upgrade-perf-debuginfo
rocky-upgrade-python3-perf
rocky-upgrade-python3-perf-debuginfo
rocky-upgrade-rtla
rocky-upgrade-rv

References

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

VULNERABILITY

Rocky Linux: CVE-2024-40998: kernel (Multiple Advisories)

Rocky Linux: CVE-2024-40998: kernel (Multiple Advisories)

Description

Solution(s)

References

Submit your information and we will get in touch with you.

Thank you for contacting us.

We will be in touch shortly.