{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-35882", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.112Z", "datePublished": "2024-05-19T08:34:39.185Z", "dateUpdated": "2026-05-11T20:13:03.890Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:13:03.890Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix a slow server-side memory leak with RPC-over-TCP\n\nJan Schunk reports that his small NFS servers suffer from memory\nexhaustion after just a few days. A bisect shows that commit\ne18e157bb5c8 (\"SUNRPC: Send RPC message on TCP with a single\nsock_sendmsg() call\") is the first bad commit.\n\nThat commit assumed that sock_sendmsg() releases all the pages in\nthe underlying bio_vec array, but the reality is that it doesn't.\nsvc_xprt_release() releases the rqst's response pages, but the\nrecord marker page fragment isn't one of those, so it is never\nreleased.\n\nThis is a narrow fix that can be applied to stable kernels. A\nmore extensive fix is in the works."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sunrpc/svcsock.c"], "versions": [{"version": "e18e157bb5c8c1cd8a9ba25acfdcf4f3035836f4", "lessThan": "1ba1291172f935e6b6fe703161a948f3347400b8", "status": "affected", "versionType": "git"}, {"version": "e18e157bb5c8c1cd8a9ba25acfdcf4f3035836f4", "lessThan": "a2ebedf7bcd17a1194a0a18122c885eb578ee882", "status": "affected", "versionType": "git"}, {"version": "e18e157bb5c8c1cd8a9ba25acfdcf4f3035836f4", "lessThan": "05258a0a69b3c5d2c003f818702c0a52b6fea861", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sunrpc/svcsock.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.6.26"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.8.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1ba1291172f935e6b6fe703161a948f3347400b8"}, {"url": "https://git.kernel.org/stable/c/a2ebedf7bcd17a1194a0a18122c885eb578ee882"}, {"url": "https://git.kernel.org/stable/c/05258a0a69b3c5d2c003f818702c0a52b6fea861"}], "title": "SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35882", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-20T17:12:02.633258Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:34:45.656Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.421Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/1ba1291172f935e6b6fe703161a948f3347400b8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a2ebedf7bcd17a1194a0a18122c885eb578ee882", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/05258a0a69b3c5d2c003f818702c0a52b6fea861", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35882", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.112Z", "datePublished": "2024-05-19T08:34:39.185Z", "dateUpdated": "2024-06-04T17:34:45.656Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:30:37.790Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix a slow server-side memory leak with RPC-over-TCP\n\nJan Schunk reports that his small NFS servers suffer from memory\nexhaustion after just a few days. A bisect shows that commit\ne18e157bb5c8 (\"SUNRPC: Send RPC message on TCP with a single\nsock_sendmsg() call\") is the first bad commit.\n\nThat commit assumed that sock_sendmsg() releases all the pages in\nthe underlying bio_vec array, but the reality is that it doesn't.\nsvc_xprt_release() releases the rqst's response pages, but the\nrecord marker page fragment isn't one of those, so it is never\nreleased.\n\nThis is a narrow fix that can be applied to stable kernels. A\nmore extensive fix is in the works."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sunrpc/svcsock.c"], "versions": [{"version": "e18e157bb5c8", "lessThan": "1ba1291172f9", "status": "affected", "versionType": "git"}, {"version": "e18e157bb5c8", "lessThan": "a2ebedf7bcd1", "status": "affected", "versionType": "git"}, {"version": "e18e157bb5c8", "lessThan": "05258a0a69b3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sunrpc/svcsock.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/1ba1291172f935e6b6fe703161a948f3347400b8"}, {"url": "https://git.kernel.org/stable/c/a2ebedf7bcd17a1194a0a18122c885eb578ee882"}, {"url": "https://git.kernel.org/stable/c/05258a0a69b3c5d2c003f818702c0a52b6fea861"}], "title": "SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35882", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-20T17:12:02.633258Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:25.019Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix a slow server-side memory leak with RPC-over-TCP\n\nJan Schunk reports that his small NFS servers suffer from memory\nexhaustion after just a few days. A bisect shows that commit\ne18e157bb5c8 (\"SUNRPC: Send RPC message on TCP with a single\nsock_sendmsg() call\") is the first bad commit.\n\nThat commit assumed that sock_sendmsg() releases all the pages in\nthe underlying bio_vec array, but the reality is that it doesn't.\nsvc_xprt_release() releases the rqst's response pages, but the\nrecord marker page fragment isn't one of those, so it is never\nreleased.\n\nThis is a narrow fix that can be applied to stable kernels. A\nmore extensive fix is in the works."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Revertir \"drm/amd/display: Enviar mensaje de desactivaci\u00f3n DTBCLK en la primera confirmaci\u00f3n\" Esto revierte la confirmaci\u00f3n f341055b10bd8be55c3c995dff5f770b236b8ca9. Se observ\u00f3 un bloqueo del sistema; se cree que este compromiso es el punto de regresi\u00f3n."}], "id": "CVE-2024-35882", "lastModified": "2024-11-21T09:21:07.143", "metrics": {}, "published": "2024-05-19T09:15:09.447", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/05258a0a69b3c5d2c003f818702c0a52b6fea861"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1ba1291172f935e6b6fe703161a948f3347400b8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a2ebedf7bcd17a1194a0a18122c885eb578ee882"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/05258a0a69b3c5d2c003f818702c0a52b6fea861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/1ba1291172f935e6b6fe703161a948f3347400b8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/a2ebedf7bcd17a1194a0a18122c885eb578ee882"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP", "id": "2281708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281708"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nSUNRPC: Fix a slow server-side memory leak with RPC-over-TCP\nJan Schunk reports that his small NFS servers suffer from memory\nexhaustion after just a few days. A bisect shows that commit\ne18e157bb5c8 (\"SUNRPC: Send RPC message on TCP with a single\nsock_sendmsg() call\") is the first bad commit.\nThat commit assumed that sock_sendmsg() releases all the pages in\nthe underlying bio_vec array, but the reality is that it doesn't.\nsvc_xprt_release() releases the rqst's response pages, but the\nrecord marker page fragment isn't one of those, so it is never\nreleased.\nThis is a narrow fix that can be applied to stable kernels. A\nmore extensive fix is in the works.", "A memory leak vulnerability was found in the Linux kernel's SUNRPC implementation for RPC-over-TCP. The issue occurs because the `sock_sendmsg()` function does not release all memory pages in the underlying `bio_vec` array, causing a slow memory leak that affects servers using NFS and can lead to memory exhaustion over time."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35882", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35882\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35882\nhttps://lore.kernel.org/linux-cve-announce/2024051945-CVE-2024-35882-f7cf@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}