In the Linux kernel, the following vulnerability has been resolved: SUNRPC:
Fix a slow server-side memory leak with RPC-over-TCP Jan Schunk reports
that his small NFS servers suffer from memory exhaustion after just a few
days. A bisect shows that commit e18e157bb5c8 (“SUNRPC: Send RPC message on
TCP with a single sock_sendmsg() call”) is the first bad commit. That
commit assumed that sock_sendmsg() releases all the pages in the underlying
bio_vec array, but the reality is that it doesn’t. svc_xprt_release()
releases the rqst’s response pages, but the record marker page fragment
isn’t one of those, so it is never released. This is a narrow fix that can
be applied to stable kernels. A more extensive fix is in the works.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 24.04 | noarch | linux | < 6.8.0-38.38 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1011.12 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < 6.8.0-1010.10 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gcp | < 6.8.0-1010.11 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < 6.8.0-1006.9 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-ibm | < 6.8.0-1008.8 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-intel | < 6.8.0-1007.14 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-lowlatency | < 6.8.0-38.38.1 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-nvidia | < 6.8.0-1009.9 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-oem-6.8 | < 6.8.0-1008.8 | UNKNOWN |
git.kernel.org/linus/05258a0a69b3c5d2c003f818702c0a52b6fea861 (6.9-rc3)
git.kernel.org/stable/c/05258a0a69b3c5d2c003f818702c0a52b6fea861
git.kernel.org/stable/c/1ba1291172f935e6b6fe703161a948f3347400b8
git.kernel.org/stable/c/a2ebedf7bcd17a1194a0a18122c885eb578ee882
launchpad.net/bugs/cve/CVE-2024-35882
nvd.nist.gov/vuln/detail/CVE-2024-35882
security-tracker.debian.org/tracker/CVE-2024-35882
ubuntu.com/security/notices/USN-6893-1
ubuntu.com/security/notices/USN-6893-2
ubuntu.com/security/notices/USN-6893-3
ubuntu.com/security/notices/USN-6918-1
www.cve.org/CVERecord?id=CVE-2024-35882