{"id":"CVE-2021-47624","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change\n\nThe refcount leak issues take place in an error handling path. When the\n3rd argument buf doesn't match with \"offline\", \"online\" or \"remove\", the\nfunction simply returns -EINVAL and forgets to decrease the reference\ncount of a rpc_xprt object and a rpc_xprt_switch object increased by\nrpc_sysfs_xprt_kobj_get_xprt() and\nrpc_sysfs_xprt_kobj_get_xprt_switch(), causing reference count leaks of\nboth unused objects.\n\nFix this issue by jumping to the error handling path labelled with\nout_put when buf matches none of \"offline\", \"online\" or \"remove\".","modified":"2026-03-15T14:45:52.647491Z","published":"2024-07-16T12:15:02.553Z","related":["SUSE-SU-2024:2894-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/4b22aa42bd4d2d630ef1854c139275c3532937cb"},{"type":"FIX","url":"https://git.kernel.org/stable/c/5f6024c05a2c0fdd180b29395aaf686d25af3a0f"},{"type":"FIX","url":"https://git.kernel.org/stable/c/776d794f28c95051bc70405a7b1fa40115658a18"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47624.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.15.24"}]},{"events":[{"introduced":"5.16"},{"fixed":"5.16.10"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}