CVE-2024-53685
📋 TL;DR
A denial-of-service vulnerability in the Linux kernel's Ceph filesystem driver where ceph_mdsc_build_path() enters an endless retry loop when processing paths longer than PATH_MAX, making affected systems unusable. This affects Linux systems using Ceph filesystem mounts. The vulnerability allows attackers to cause system-wide unavailability with specially crafted long paths.
💻 Affected Systems
- Linux kernel with Ceph filesystem support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →
⚠️ Risk & Real-World Impact
Worst Case
Complete system unavailability requiring hard reboot, with potential data loss or corruption if filesystem operations are interrupted.
Likely Case
Targeted system becomes unresponsive, requiring manual intervention to restore service, causing service disruption.
If Mitigated
Limited impact if systems are patched or don't use Ceph filesystems; fails gracefully with ENAMETOOLONG error.
🎯 Exploit Status
Exploitation requires ability to create or access paths on Ceph filesystem; trivial to trigger once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 0f2b2d9e881c, 550f7ca98ee0, 99a37ab76a31, c47ed91156da, d42ad3f161a5 applied
Vendor Advisory: https://git.kernel.org/stable/c/0f2b2d9e881c90402dbe28f9ba831775b7992e1f
Restart Required: Yes
Instructions:
1. Update the Linux kernel to the patched version from your distribution.
2. For custom kernels, apply the Ceph fix commits listed above.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable Ceph filesystem
Remove or unmount Ceph filesystems if not required
umount /path/to/ceph/mount
modprobe -r ceph
Restrict Ceph access
Limit who can create files/directories on Ceph mounts
chmod 700 /path/to/ceph/mount
setfacl -m u:username:rwx /path/to/ceph/mount
🧯 If You Can't Patch
- Monitor Ceph mount points for unusual path creation activity
- Implement strict access controls on Ceph filesystems to limit potential attackers
🔍 How to Verify
Check if Vulnerable:
Check whether a Ceph filesystem is mounted ('mount | grep ceph') and compare the running kernel version against the patched versions provided by your distribution
Check Version:
uname -r
Verify Fix Applied:
Confirm the running kernel includes the fix commits; on a test system, creating a path longer than PATH_MAX on a Ceph mount should fail with ENAMETOOLONG instead of hanging
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing task stuck in D state
- System becoming unresponsive with high load
- Ceph client logs showing path errors
Network Indicators:
- Unusual Ceph client disconnections
- Ceph cluster showing hung clients
SIEM Query:
source="kernel" AND ("D state" OR "hung task") AND "ceph"
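The log indicators and SIEM query above can be applied offline to raw kernel log lines. The following is an added example, not part of the original advisory: it groups consecutive kernel lines into hung-task reports and flags only those that show a task in D state with Ceph client functions in the call trace. The log lines are constructed to illustrate the shape of such a report; the exact symbol names and offsets are assumptions.

```python
import re

# Constructed sample log lines (not a real capture) showing the shape of a
# kernel hung-task report whose call trace sits in the Ceph client, followed
# by an unrelated hung task that must not be flagged.
SAMPLE_LOGS = [
    "kernel: INFO: task kworker/u8:1:123 blocked for more than 120 seconds.",
    "kernel: task:kworker/u8:1 state:D stack:0 pid:123 ppid:2 flags:0x4000",
    "kernel: Call Trace:",
    "kernel:  ceph_mdsc_build_path+0x1a2/0x3b0 [ceph]",   # assumed offsets
    "kernel:  ceph_mdsc_do_request+0x55/0x1c0 [ceph]",
    "sshd[4321]: Accepted publickey for alice from 10.0.0.5 port 51234",
    "kernel: INFO: task md_sync:77 blocked for more than 120 seconds.",
    "kernel: task:md_sync state:D stack:0 pid:77 ppid:2 flags:0x4000",
    "kernel:  md_do_sync+0x4f/0x9a0 [md_mod]",
]

# A report starts at the kernel's "blocked for more than N seconds" line
# (or any explicit "hung task" message) and runs until the next report or
# the next non-kernel line.
HUNG_RE = re.compile(r"blocked for more than \d+ seconds|hung task", re.I)
# Real hung-task output prints "state:D"; the SIEM phrase "D state" is also
# accepted so the two checks agree.
DSTATE_RE = re.compile(r"state:D\b|\bD state\b")
# Ceph client frames are either ceph_* symbols or tagged with the [ceph] module.
CEPH_RE = re.compile(r"\bceph_|\[ceph\]", re.I)


def split_reports(lines):
    """Group contiguous kernel lines into hung-task reports."""
    reports, current = [], None
    for line in lines:
        if not line.startswith("kernel:"):
            current = None          # a non-kernel line ends the report
            continue
        if HUNG_RE.search(line):
            current = [line]        # new report begins here
            reports.append(current)
        elif current is not None:
            current.append(line)
    return reports


def find_ceph_hangs(lines):
    """Return the header line of each report that is both in D state and in Ceph."""
    hits = []
    for report in split_reports(lines):
        text = "\n".join(report)
        if DSTATE_RE.search(text) and CEPH_RE.search(text):
            hits.append(report[0])
    return hits
```

Feed it the output of `journalctl -k` or `/var/log/kern.log` line by line; a hit is a reason to check the Ceph mount and kernel version, not proof of this CVE on its own.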
🔗 References
- https://git.kernel.org/stable/c/0f2b2d9e881c90402dbe28f9ba831775b7992e1f
- https://git.kernel.org/stable/c/550f7ca98ee028a606aa75705a7e77b1bd11720f
- https://git.kernel.org/stable/c/99a37ab76a315c8307eb5b0dc095d8ad9d8efeaa
- https://git.kernel.org/stable/c/c47ed91156daf328601d02b58d52d9804da54108
- https://git.kernel.org/stable/c/d42ad3f161a5a487f81915c406f46943c7187a0a
- https://git.kernel.org/stable/c/e4b168c64da06954be5d520f6c16469b1cadc069
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html