CVE-2024-35882

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability in the Linux kernel's SUNRPC implementation allows unprivileged remote attackers to cause memory exhaustion on NFS servers using RPC-over-TCP. This affects Linux systems running NFS servers with the vulnerable kernel code. The leak occurs when processing RPC messages, gradually consuming system memory until exhaustion.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing commit e18e157bb5c8 up to the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using NFS with RPC-over-TCP. Systems not using NFS or using RPC-over-RDMA are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system memory exhaustion leading to denial of service, system crashes, and potential data loss on affected NFS servers.

🟠 Likely Case

Gradual memory consumption causing performance degradation and eventual service disruption on NFS servers after several days of operation.

🟢 If Mitigated

Minimal impact with proper monitoring and memory limits in place, though gradual degradation may still occur over time.

🌐 Internet-Facing: MEDIUM - NFS servers exposed to untrusted networks are vulnerable to memory exhaustion attacks from unauthenticated clients.
🏢 Internal Only: LOW - Internal NFS servers are less likely to be targeted but still vulnerable to accidental or malicious internal clients.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending RPC requests to vulnerable NFS servers. No authentication needed. The vulnerability is straightforward to trigger by normal NFS client operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits 05258a0a69b3c5d2c003f818702c0a52b6fea861, 1ba1291172f935e6b6fe703161a948f3347400b8, a2ebedf7bcd17a1194a0a18122c885eb578ee882

Vendor Advisory: https://git.kernel.org/stable/c/05258a0a69b3c5d2c003f818702c0a52b6fea861

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable NFS RPC-over-TCP

linux

Switch NFS to use RPC-over-RDMA instead of TCP if supported by your infrastructure

# Edit /etc/nfs.conf or distribution-specific NFS configuration
# Set transport protocol to rdma instead of tcp

Implement memory limits

linux

Use cgroups or systemd to limit memory usage of NFS server processes

# Using systemd: systemctl set-property nfs-server.service MemoryMax=value
# Using cgroups: echo value > /sys/fs/cgroup/memory/nfs/memory.limit_in_bytes

🧯 If You Can't Patch

  • Restrict NFS access to trusted clients only using firewall rules and authentication
  • Implement aggressive monitoring and alerting for memory consumption on NFS servers

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if NFS server is running with RPC-over-TCP: 'uname -r' and 'rpcinfo -p | grep nfs'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and monitor memory usage of NFS processes over time: 'cat /proc/meminfo' and 'ps aux | grep nfs'

📡 Detection & Monitoring

Log Indicators:

  • Increasing memory usage in /var/log/messages or dmesg
  • OOM killer messages related to NFS processes
  • System performance degradation logs

Network Indicators:

  • Unusual volume of RPC requests to NFS servers
  • TCP connections to NFS port 2049 from unexpected sources

SIEM Query:

source="kernel" AND ("Out of memory" OR "oom-killer") AND process="nfs"
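
Added example (not part of the original advisory): OOM-killer messages only appear once memory is already exhausted, so this sketch fits a least-squares line through periodic `MemAvailable` readings from /proc/meminfo and flags a steady decline earlier. The function names, the log format, the 1024 kB/hour default threshold and the sample data are assumptions made for illustration, and it assumes the leak shows up as a falling system-wide `MemAvailable`.

```shell
#!/bin/sh
# Added example: flag a slow, steady decline in MemAvailable on an NFS server.

# Append one "epoch_seconds MemAvailable_kB" sample to the log file given as $1.
# Meant to be run periodically (for example from cron); the path is the caller's choice.
sample_meminfo() {
    printf '%s %s\n' "$(date +%s)" \
        "$(awk '/^MemAvailable:/ {print $2}' /proc/meminfo)" >> "$1"
}

# Read "epoch kB" samples on stdin and fit a least-squares line through them.
# $1 = alert threshold in kB lost per hour (assumed default: 1024).
# Prints one verdict line: LEAK_SUSPECTED, OK or INSUFFICIENT_DATA.
memavail_trend() {
    awk -v thresh="${1:-1024}" '
        NF == 2 && $2 ~ /^[0-9]+$/ {
            if (n == 0) t0 = $1              # first timestamp is the origin
            x = ($1 - t0) / 3600             # elapsed hours
            y = $2; last = y
            n++; sx += x; sy += y; sxx += x * x; sxy += x * y
        }
        END {
            d = n * sxx - sx * sx
            if (n < 3 || d == 0) { print "INSUFFICIENT_DATA"; exit }
            slope = (n * sxy - sx * sy) / d  # kB per hour, negative = shrinking
            if (slope <= -thresh)
                printf "LEAK_SUSPECTED slope_kB_per_h=%.0f hours_to_zero=%.0f\n",
                       slope, last / -slope
            else
                printf "OK slope_kB_per_h=%.0f\n", slope
        }'
}

# Constructed samples (not real measurements): one reading per hour,
# each 10000 kB lower than the previous one.
constructed_samples() {
    cat <<'EOF'
1700000000 8000000
1700003600 7990000
1700007200 7980000
1700010800 7970000
EOF
}

constructed_samples | memavail_trend 1000
```

On a live server, call `sample_meminfo` on a schedule and feed the resulting log to `memavail_trend`; a verdict that stays at LEAK_SUSPECTED across reboots of client workloads is the signal to prioritise the kernel update.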
