Based on the description, it is inferred that the vulnerability stems from a memory leak in the ceph client’s ceph_mdsc_build_path() function. On error paths the function fails to free a path pointer returned by __getname(), allowing memory to accumulate. If an attacker can trigger these error conditions repeatedly, the kernel can consume excessive memory, potentially leading to a crash or degraded performance. The weakness is an improper resource handling issue (CWE-772). Severity lies in the potential for denial of service rather than direct code execution.

Based on the description, it is inferred that the defect resides in the Linux kernel’s ceph client module. Any kernel version that incorporates the ceph client and has not yet applied the patch is affected. Based on the description, it is inferred that no explicit version range is provided, so all kernels with ceph support likely contain the issue until the fix is applied.

Based on the description, it is inferred that the EPSS score is not published and the vulnerability is not listed in the CISA KEV catalog, suggesting that documented exploitation remains low at present. The CVSS score is 5.5, indicating a medium severity. However, because the flaw can be triggered by sending ceph requests that provoke an error code path, it is inferred that an attacker with network access to a Ceph‑enabled server could potentially induce memory exhaustion. Without the patch, the risk is moderate to high, especially in environments with high ceph traffic or where resource limits are not enforced.