PT-2022-7660 · Linux+7 · Linux Kernel+7

Xiyu Yang · Published 2022-01-13 · Updated 2024-09-17 · CVE-2021-47624

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a reference count leak in the rpc_sysfs_xprt_state_change() function of the Linux kernel's sunrpc component. When the third argument, buf, does not match "offline", "online", or "remove", the function returns -EINVAL without decreasing the reference counts of the rpc_xprt and rpc_xprt_switch objects, so the references to both unused objects are leaked. The issue can be exploited to cause a denial of service.

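The leak pattern described above, modelled in user-space C as an added example (this is not kernel code and not part of the advisory). `struct obj`, the helper names and the "bogus" input are hypothetical stand-ins for the reference handling of the rpc_xprt and rpc_xprt_switch objects.

```c
#include <errno.h>
#include <string.h>

/* User-space model; struct obj and all function names are hypothetical. */
struct obj { int refs; };
static struct obj *obj_get(struct obj *o) { o->refs++; return o; }
static void obj_put(struct obj *o) { o->refs--; }

/* Only the three strings named in the description are accepted. */
static int valid_op(const char *buf)
{
    return !strcmp(buf, "offline") || !strcmp(buf, "online") ||
           !strcmp(buf, "remove");
}

/* Leaky shape: the -EINVAL return skips both puts. */
int state_change_leaky(struct obj *xprt, struct obj *xps, const char *buf)
{
    struct obj *x = obj_get(xprt), *s = obj_get(xps);

    if (!valid_op(buf))
        return -EINVAL;   /* references on x and s are never dropped */
    /* ... the state change itself would go here ... */
    obj_put(x);
    obj_put(s);
    return 0;
}

/* Corrected shape: every exit passes through the same release path. */
int state_change_fixed(struct obj *xprt, struct obj *xps, const char *buf)
{
    struct obj *x = obj_get(xprt), *s = obj_get(xps);
    int ret = valid_op(buf) ? 0 : -EINVAL;

    /* ... the state change itself would go here when ret == 0 ... */
    obj_put(x);
    obj_put(s);
    return ret;
}

/* Issue n unrecognised writes; return how many references stay held. */
int leaked_after(int (*fn)(struct obj *, struct obj *, const char *), int n)
{
    struct obj xprt = { 1 }, xps = { 1 };

    for (int i = 0; i < n; i++)
        fn(&xprt, &xps, "bogus");
    return (xprt.refs - 1) + (xps.refs - 1);
}
```

Each rejected write leaves two references held in the leaky shape, so the objects can never reach a zero count and be freed; the corrected shape returns the same error with the counts unchanged.
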
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
BDU:2024-08345
CESA-2024_5101
CESA-2024_5102
CVE-2021-47624
INFSA-2024_5101
INFSA-2024_5102
OPENSUSE-SU-2024_2947-1
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024:5256
RHSA-2024:5257
RHSA-2024_5101
RHSA-2024_5102
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:5101
SUSE-SU-2024:2894-1
SUSE-SU-2024:2902-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1

Affected Products

AlmaLinux
CentOS
Debian
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE