CVE-2024-35882

Published: May 19, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Jan Schunk reports that his small NFS servers suffer from memory exhaustion after just a few days. A bisect shows that commit e18e157bb5c8 ("SUNRPC: Send RPC message on TCP with a single sock_sendmsg() call") is the first bad commit. That commit assumed that sock_sendmsg() releases all the pages in the underlying bio_vec array, but the reality is that it doesn't. svc_xprt_release() releases the rqst's response pages, but the record marker page fragment isn't one of those, so it is never released. This is a narrow fix that can be applied to stable kernels. A more extensive fix is in the works.

Vendor	Product	Versions
Linux	Linux	affected `e18e157bb5c8c1cd8a9ba25acfdcf4f3035836f4 - < 1ba1291172f935e6b6fe703161a948f3347400b8` affected `e18e157bb5c8c1cd8a9ba25acfdcf4f3035836f4 - < a2ebedf7bcd17a1194a0a18122c885eb578ee882` affected `e18e157bb5c8c1cd8a9ba25acfdcf4f3035836f4 - < 05258a0a69b3c5d2c003f818702c0a52b6fea861`
Linux	Linux	affected `6.6` unaffected `0 - < 6.6` unaffected `6.6.26 - <= 6.6.` unaffected `6.8.5 - <= 6.8.` unaffected `6.9 - <= *`

References

https://git.kernel.org/stable/c/1ba1291172f935e6b6fe703161a948f3347400b8

https://git.kernel.org/stable/c/a2ebedf7bcd17a1194a0a18122c885eb578ee882

https://git.kernel.org/stable/c/05258a0a69b3c5d2c003f818702c0a52b6fea861

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-35882

Description

Affected Products

References