CVE-2024-35882

May 19, 2024, 9:15 a.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Jan Schunk reports that his small NFS servers suffer from memory exhaustion after just a few days. A bisect shows that commit e18e157bb5c8 ("SUNRPC: Send RPC message on TCP with a single sock_sendmsg() call") is the first bad commit. That commit assumed that sock_sendmsg() releases all the pages in the underlying bio_vec array, but the reality is that it doesn't. svc_xprt_release() releases the rqst's response pages, but the record marker page fragment isn't one of those, so it is never released. This is a narrow fix that can be applied to stable kernels. A more extensive fix is in the works.

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/05258a0a69b3c5d2c003f818702c0a52b6fea861
https://git.kernel.org/stable/c/1ba1291172f935e6b6fe703161a948f3347400b8
https://git.kernel.org/stable/c/a2ebedf7bcd17a1194a0a18122c885eb578ee882

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-19
CVE-2024-35882

Timeline

Published: May 19, 2024, 9:15 a.m.
Last Modified: May 19, 2024, 9:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.