CVE-2024-35882

CVE-2024-35882 affects the Linux kernel SUNRPC over TCP. A bad commit (e18e157bb5c8) caused a memory leak: sock_sendmsg() doesn’t release all pages in bio_vec, leaving the record-marker fragment unreleased and enabling server-side memory exhaustion in some NFS setups. A narrow fix was implemented...