CVE-2024-53685
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-53685
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53685.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-53685
- Downstream
- Related
- Published
- 2025-01-11T13:15:25Z
- Modified
- 2025-08-09T20:01:28Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ceph: give up on paths longer than PATH_MAX
If the full path to be built by cephmdscbuildpath() happens to be longer than PATHMAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability.
I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and fail with ENAMETOOLONG instead.
- References
-
- https://git.kernel.org/stable/c/0f2b2d9e881c90402dbe28f9ba831775b7992e1f
- https://git.kernel.org/stable/c/550f7ca98ee028a606aa75705a7e77b1bd11720f
- https://git.kernel.org/stable/c/99a37ab76a315c8307eb5b0dc095d8ad9d8efeaa
- https://git.kernel.org/stable/c/c47ed91156daf328601d02b58d52d9804da54108
- https://git.kernel.org/stable/c/d42ad3f161a5a487f81915c406f46943c7187a0a
- https://git.kernel.org/stable/c/e4b168c64da06954be5d520f6c16469b1cadc069