CVE-2024-35882: Vulnerability in Linux

Medium
Published: Sun May 19 2024 (05/19/2024, 08:34:39 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP

Jan Schunk reports that his small NFS servers suffer from memory exhaustion after just a few days. A bisect shows that commit e18e157bb5c8 ("SUNRPC: Send RPC message on TCP with a single sock_sendmsg() call") is the first bad commit.

That commit assumed that sock_sendmsg() releases all the pages in the underlying bio_vec array, but the reality is that it doesn't. svc_xprt_release() releases the rqst's response pages, but the record marker page fragment isn't one of those, so it is never released.

This is a narrow fix that can be applied to stable kernels. A more extensive fix is in the works.

AI-Powered Analysis

Last updated: 06/29/2025, 16:57:54 UTC

Technical Analysis

CVE-2024-35882 is a vulnerability in the Linux kernel's SUNRPC subsystem that affects the handling of RPC-over-TCP communications. It is a slow server-side memory leak, reported on small NFS (Network File System) servers that ran out of memory after a few days. The root cause is kernel commit e18e157bb5c8, which changed the way RPC messages are sent over TCP, using a single sock_sendmsg() call. That commit assumed that sock_sendmsg() would release all memory pages in the underlying bio_vec array, which it does not. svc_xprt_release() releases the request's response pages, but the record marker page fragment is part of the RPC message without being one of those pages, so the usual release process never frees it.

As a result, this fragment remains allocated, causing a slow but persistent memory leak. Over time, this leak can lead to memory exhaustion on affected servers, particularly those running small NFS services, potentially causing degraded performance or service outages. The fix involves explicitly releasing the record marker page fragment to prevent the leak. This fix is narrow and applicable to stable kernel versions, with a more comprehensive fix planned. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, especially those relying on Linux-based NFS servers for file sharing and storage services, this vulnerability poses a risk of resource exhaustion leading to denial of service conditions. Memory leaks, while not directly exploitable for code execution or privilege escalation, can degrade system stability and availability over time. This can impact critical infrastructure, enterprise file servers, and cloud services that depend on Linux kernel SUNRPC functionality. Organizations with smaller NFS deployments or embedded Linux devices acting as NFS servers are particularly vulnerable, as these systems may have limited memory resources and less frequent maintenance cycles. The gradual nature of the leak means the impact might not be immediately apparent, complicating detection and response. In sectors such as finance, manufacturing, and government within Europe, where Linux servers are prevalent, prolonged outages or degraded performance could disrupt operations and data availability.

Mitigation Recommendations

European organizations should prioritize patching affected Linux kernel versions as soon as updates become available from their Linux distribution vendors. Since the fix is narrow and applicable to stable kernels, applying these patches promptly will prevent the memory leak from occurring. In the interim, monitoring memory usage on NFS servers running RPC-over-TCP is critical to detect abnormal growth indicative of the leak. Implementing automated alerts for unusual memory consumption can help trigger timely investigation and remediation. Organizations should also review their NFS server configurations to assess whether RPC-over-TCP is necessary or if alternative protocols or configurations can reduce exposure. For embedded or less frequently updated systems, consider scheduled reboots or memory cleanup procedures to mitigate the slow leak until patches are applied. Additionally, maintaining robust backup and recovery processes will help minimize operational impact if service degradation occurs.
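
The memory monitoring recommended above can be sketched as follows. This is an added example, not code from the advisory or the kernel project: it fits a trend line to periodic /proc/meminfo snapshots and flags steady growth in memory that no meminfo category accounts for. The thresholds, the sample data and the assumption that the leaked page fragments appear as unaccounted memory are all illustrative.

```python
import re

# meminfo categories with a known owner; the remainder is "unaccounted".
ACCOUNTED = ("MemFree", "Buffers", "Cached", "AnonPages", "Slab", "PageTables", "KernelStack")

def parse_meminfo(text):
    """Parse /proc/meminfo text into {field: value in kiB}."""
    pat = r"^([\w()]+):\s+(\d+)(?: kB)?$"
    return {m.group(1): int(m.group(2)) for m in re.finditer(pat, text, re.M)}

def unaccounted_kib(info):
    # Assumption: leaked page fragments are raw page allocations, so they
    # show up only as MemTotal minus every accounted category.
    return info["MemTotal"] - sum(info.get(k, 0) for k in ACCOUNTED)

def slope_per_hour(samples):
    """Least-squares slope of (unix_seconds, kiB) samples, in kiB/hour."""
    n = len(samples)
    mt = sum(t for t, _ in samples) / n
    mv = sum(v for _, v in samples) / n
    num = sum((t - mt) * (v - mv) for t, v in samples)
    den = sum((t - mt) ** 2 for t, _ in samples)
    return 3600.0 * num / den

def assess(samples, mem_available_kib, min_slope=1024.0, min_up=0.9):
    """Flag steady growth: slope over threshold and nearly every step upward."""
    vals = [v for _, v in samples]
    up = sum(b > a for a, b in zip(vals, vals[1:])) / (len(vals) - 1)
    slope = slope_per_hour(samples)
    leaking = slope >= min_slope and up >= min_up
    return {"slope_kib_h": slope, "leaking": leaking,
            "hours_left": mem_available_kib / slope if leaking else None}

# Constructed sample: hourly snapshots of a 2 GiB server losing 4 MiB per hour.
TEMPLATE = """MemTotal:        2097152 kB
MemFree:         {free} kB
MemAvailable:    {avail} kB
Buffers:           65536 kB
Cached:           524288 kB
AnonPages:        262144 kB
Slab:             131072 kB
"""

def demo():
    samples = []
    for h in range(24):
        free = 900000 - 4096 * h
        info = parse_meminfo(TEMPLATE.format(free=free, avail=free + 500000))
        samples.append((h * 3600, unaccounted_kib(info)))
    return assess(samples, info["MemAvailable"])
```

On a real server, the samples would come from reading /proc/meminfo at a fixed interval, and the thresholds need tuning against that host's normal workload.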

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-17T13:50:33.112Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ac4522896dcbe375f

Added to database: 5/21/2025, 9:08:58 AM

Last enriched: 6/29/2025, 4:57:54 PM

Last updated: 7/29/2025, 5:09:16 AM
