DoS Vulnerability in Linux Kernel Affecting Ceph
CVE-2024-53685

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

What is CVE-2024-53685?

In the Linux kernel, a vulnerability in the Ceph file system allows for a denial of service scenario when the function ceph_mdsc_build_path() attempts to construct a path exceeding the system's PATH_MAX limit. This oversight results in an infinite retry loop, rendering the system largely unusable as tasks are blocked indefinitely. As a mitigation, it is proposed to remove the retry mechanism and return an ENAMETOOLONG error instead, effectively preventing the system from becoming unresponsive under such conditions.

Affected Version(s)

Linux 9030aaf9bf0a1eee47a154c316c789e959638b0f < 0f2b2d9e881c90402dbe28f9ba831775b7992e1f

Linux 9030aaf9bf0a1eee47a154c316c789e959638b0f

References

https://git.kernel.org/stable/c/0f2b2d9e881c90402dbe28f9b...

https://git.kernel.org/stable/c/d42ad3f161a5a487f81915c40...

https://git.kernel.org/stable/c/e4b168c64da06954be5d520f6...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 11, 2025