{"vulnerability": "cve-2024-40998", "sightings": [{"uuid": "d94175aa-1ed1-4fde-aeff-c8219351bf37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-40998", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "8d56b26b-9534-4181-9e38-ef2606200d96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-40998", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "db7cd2a5-ad31-42e4-b8b1-cceec68afecd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40998", "type": "seen", "source": "https://t.me/cvedetector/740", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-40998 - In the Linux kernel, the following vulnerability h\", \n \"Content\": \"CVE ID : CVE-2024-40998 \nPublished : July 12, 2024, 1:15 p.m. | 39\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \next4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() \n \nIn the following concurrency we will access the uninitialized rs->lock: \n \next4_fill_super \n ext4_register_sysfs \n // sysfs registered msg_ratelimit_interval_ms \n // Other processes modify rs->interval to \n // non-zero via msg_ratelimit_interval_ms \n ext4_orphan_cleanup \n ext4_msg(sb, KERN_INFO, \"Errors on filesystem, \" \n __ext4_msg \n ___ratelimit(&(EXT4_SB(sb)->s_msg_ratelimit_state) \n if (!rs->interval) // do nothing if interval is 0 \n return 1; \n raw_spin_trylock_irqsave(&rs->lock, flags) \n raw_spin_trylock(lock) \n _raw_spin_trylock \n __raw_spin_trylock \n spin_acquire(&lock->dep_map, 0, 1, _RET_IP_) \n lock_acquire \n __lock_acquire \n register_lock_class \n assign_lock_key \n dump_stack(); \n ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10); \n raw_spin_lock_init(&rs->lock); \n // init rs->lock here \n \nand get the following dump_stack: \n \n========================================================= \nINFO: trying to register non-static key. \nThe code is fine but needs lockdep annotation, or maybe \nyou didn't initialize this object before use? \nturning off the locking correctness validator. \nCPU: 12 PID: 753 Comm: mount Tainted: G E 6.7.0-rc6-next-20231222 #504 \n[...] \nCall Trace: \n dump_stack_lvl+0xc5/0x170 \n dump_stack+0x18/0x30 \n register_lock_class+0x740/0x7c0 \n __lock_acquire+0x69/0x13a0 \n lock_acquire+0x120/0x450 \n _raw_spin_trylock+0x98/0xd0 \n ___ratelimit+0xf6/0x220 \n __ext4_msg+0x7f/0x160 [ext4] \n ext4_orphan_cleanup+0x665/0x740 [ext4] \n __ext4_fill_super+0x21ea/0x2b10 [ext4] \n ext4_fill_super+0x14d/0x360 [ext4] \n[...] \n========================================================= \n \nNormally interval is 0 until s_msg_ratelimit_state is initialized, so \n___ratelimit() does nothing. But registering sysfs precedes initializing \nrs->lock, so it is possible to change rs->interval to a non-zero value \nvia the msg_ratelimit_interval_ms interface of sysfs while rs->lock is \nuninitialized, and then a call to ext4_msg triggers the problem by \naccessing an uninitialized rs->lock. Therefore register sysfs after all \ninitializations are complete to avoid such problems. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"12 Jul 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-12T16:05:55.000000Z"}]}