CVE-2024-53685: Vulnerability in Linux Linux

High
Published: Sat Jan 11 2025 (01/11/2025, 12:35:40 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ceph: give up on paths longer than PATH_MAX

If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability.

I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and fail with ENAMETOOLONG instead.

AI-Powered Analysis

Last updated: 06/28/2025, 11:11:18 UTC

Technical Analysis

CVE-2024-53685 is a denial-of-service (DoS) vulnerability identified in the Linux kernel's Ceph filesystem component. Specifically, the issue arises in the function ceph_mdsc_build_path(), which is responsible for constructing file paths within the Ceph distributed storage system. When the full path length exceeds the system-defined PATH_MAX limit, the function enters an infinite retry loop instead of failing gracefully. This loop effectively blocks the task attempting the operation, causing the affected process to hang indefinitely. Because this blocking occurs at the kernel level, it can render significant portions of the machine unusable, leading to a system-wide denial of service.

The root cause is the retry mechanism implemented for overly long paths, which is unnecessary and harmful. The fix involves removing this retry loop and returning an ENAMETOOLONG error code when the path length exceeds PATH_MAX, thereby preventing the infinite loop and allowing the system to handle the error condition properly.

This vulnerability affects Linux kernel versions containing the specified commit hash 9030aaf9bf0a1eee47a154c316c789e959638b0f, which corresponds to recent kernel builds incorporating the Ceph filesystem code. No known exploits are currently reported in the wild, but the vulnerability is straightforward to trigger by providing an excessively long path in Ceph, making it a simple yet effective DoS vector.
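A simplified user-space model of the failure mode and the fix described above, added here as an illustration; it is not the kernel's ceph_mdsc_build_path() code. The struct node type, the function names, MAX_ATTEMPTS (which bounds the retry so the model terminates) and the constructed 255-byte directory names are assumptions of the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PATH_MAX 4096  /* value of PATH_MAX on Linux */
#define MAX_ATTEMPTS   3     /* model only: stands in for "retry forever" */
/* Hypothetical stand-in for a dentry: a name plus a link to its parent. */
struct node { const char *name; const struct node *parent; };

/* Fill buf from its end, leaf to root; return start offset, -1 if too long. */
static int fill_backwards(const struct node *leaf, char *buf) {
    int pos = MODEL_PATH_MAX - 1;
    buf[pos] = '\0';
    for (const struct node *n = leaf; n; n = n->parent) {
        int len = (int)strlen(n->name);
        pos -= len + 1;                      /* "/" plus the component */
        if (pos < 0) return -1;
        buf[pos] = '/';
        memcpy(buf + pos + 1, n->name, (size_t)len);
    }
    return pos;
}

/* Pre-fix pattern: overflow is retried although the input has not changed. */
static int build_path_retry(const struct node *leaf, char *buf) {
    for (int attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
        int pos = fill_backwards(leaf, buf);
        if (pos >= 0) return pos;
    }
    return -EAGAIN;  /* the model gives up; the loop described above did not */
}

/* Post-fix pattern: overflow is a permanent error for this input. */
static int build_path_fixed(const struct node *leaf, char *buf) {
    int pos = fill_backwards(leaf, buf);
    return pos < 0 ? -ENAMETOOLONG : pos;
}

/* Constructed input: depth (1..32) nested directories with 255-byte names. */
int demo(int depth, int fixed) {
    static char name[256], buf[MODEL_PATH_MAX];
    struct node chain[32];
    memset(name, 'a', 255);
    for (int i = 0; i < depth; i++)
        chain[i] = (struct node){ name, i ? &chain[i - 1] : NULL };
    return (fixed ? build_path_fixed : build_path_retry)(&chain[depth - 1], buf);
}

int main(void) { printf("%d %d %d\n", demo(15, 1), demo(16, 1), demo(16, 0)); return 0; }
```

Fifteen levels of 255-byte names still fit in the buffer; the sixteenth pushes the path one byte past the limit, which the fixed variant reports as -ENAMETOOLONG on the first attempt.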

Potential Impact

For European organizations, the impact of CVE-2024-53685 can be significant, especially for those relying on Ceph-based storage solutions within their Linux infrastructure. Ceph is widely used in enterprise environments for scalable, distributed storage, including cloud providers, research institutions, and large data centers. A successful exploitation can cause critical services dependent on Ceph storage to become unresponsive, leading to operational disruptions, data unavailability, and potential cascading failures in dependent applications. This is particularly concerning for sectors requiring high availability and data integrity, such as finance, healthcare, telecommunications, and government services. The DoS condition could be triggered remotely if an attacker has the ability to submit file path requests to Ceph storage nodes, potentially causing denial of service without requiring privileged access or complex exploitation techniques. Although this vulnerability does not directly lead to data corruption or unauthorized access, the loss of availability can have severe business continuity and compliance implications under regulations like GDPR, which mandate data availability and integrity.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should promptly apply the Linux kernel patches that remove the retry loop in ceph_mdsc_build_path() and enforce the ENAMETOOLONG error on excessive path lengths. System administrators should monitor Linux kernel updates and prioritize deploying the fixed kernel versions in environments running Ceph. Additionally, organizations should audit their Ceph configurations and usage patterns to identify any workflows or applications that might generate excessively long file paths and refactor them to comply with PATH_MAX limits. Implementing input validation at the application layer to prevent submission of overly long paths can reduce the risk of triggering this DoS condition. Network segmentation and access controls should be enforced to limit which users or systems can interact with Ceph storage nodes, reducing the attack surface. Finally, maintaining robust monitoring and alerting on Ceph node responsiveness and system resource usage can help detect early signs of exploitation attempts or system degradation.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-01-11T12:34:02.558Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9823c4522896dcbdf0af

Added to database: 5/21/2025, 9:08:51 AM

Last enriched: 6/28/2025, 11:11:18 AM

Last updated: 8/6/2025, 6:24:25 PM
