CVE-2024-53685

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-53685
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53685.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53685
Downstream
Related
Published
2025-01-11T12:35:40.252Z
Modified
2026-03-20T12:40:51.493915Z
Summary
ceph: give up on paths longer than PATH_MAX
Details

In the Linux kernel, the following vulnerability has been resolved:

ceph: give up on paths longer than PATH_MAX

If the full path to be built by cephmdscbuildpath() happens to be longer than PATHMAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability.

I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and fail with ENAMETOOLONG instead.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53685.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9030aaf9bf0a1eee47a154c316c789e959638b0f
Fixed
0f2b2d9e881c90402dbe28f9ba831775b7992e1f
Fixed
d42ad3f161a5a487f81915c406f46943c7187a0a
Fixed
e4b168c64da06954be5d520f6c16469b1cadc069
Fixed
c47ed91156daf328601d02b58d52d9804da54108
Fixed
99a37ab76a315c8307eb5b0dc095d8ad9d8efeaa
Fixed
550f7ca98ee028a606aa75705a7e77b1bd11720f

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53685.json"