CVE-2024-35882

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a slow server-side memory leak in the SUNRPC component of the Linux kernel when using RPC-over-TCP. This leak occurs because the sock sendmsg() function does not release all pages in the underlying bio vec array as assumed, specifically the record marker page fragment which is never released by svc xprt release(). This can lead to memory exhaustion, particularly affecting small NFS servers after just a few days. A narrow fix is available for stable kernels, with a more extensive fix in development.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.