CVE-2021-47153: i2c: i801: Don't generate an interrupt on bus reset
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Don't generate an interrupt on bus reset
Now that the i2c-i801 driver supports interrupts, setting the KILL bit
in a attempt to recover from a timed out transaction triggers an
interrupt. Unfortunately, the interrupt handler (i801_isr) is not
prepared for this situation and will try to process the interrupt as
if it was signaling the end of a successful transaction. In the case
of a block transaction, this can result in an out-of-range memory
access.
This condition was reproduced several times by syzbot:
https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e
https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e
https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e
https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb
https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a
https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79
So disable interrupts while trying to reset the bus. Interrupts will
be enabled again for the following transaction.
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel driver flaw in the i2c-i801 bus controller. During recovery from a timed-out transaction, the driver could trigger an unexpected interrupt and mishandle memory. Business risk is mainly to systems where already highly privileged local users or workloads can reach this kernel path.
Executive priority
Treat as routine but real kernel maintenance risk. It is not remotely exploitable based on supplied evidence, but privileged local kernel memory bugs can matter on shared, multi-tenant, or heavily delegated systems.
Technical view
The i2c-i801 driver sets the KILL bit during bus reset after transaction timeout. With interrupt support enabled, that can invoke i801_isr, which treats the interrupt as successful transaction completion. For block transactions, the CVE states this can cause out-of-range memory access.
Likely exposure
Exposure is limited to Linux systems running affected kernel versions with the i2c-i801 driver path present. The source lists Linux kernel ranges and stable commits, but distribution backport status must be verified per vendor package.
Exploitation context
No active exploitation is cited, and KEV is false. The issue was reproduced by syzbot. CVSS marks attack vector local, low complexity, no user interaction, and high privileges required, with possible confidentiality and availability impact.
Researcher notes
Evidence supports a driver interrupt-handling bug fixed by disabling interrupts during bus reset. The source bundle does not provide public exploit details, distribution-specific affected package names, or a named workaround beyond applying fixed kernel changes.
Mitigation direction
Update to a vendor kernel containing the referenced stable Linux fixes.
Check distribution advisories for backported i2c-i801 fixes.
Prioritize hosts that permit privileged local users or privileged workloads.
If patching is delayed, follow vendor guidance on driver exposure or workarounds.
Validation and detection
Inventory running kernel versions across Linux assets.
Confirm whether affected systems load or depend on the i2c-i801 driver.
Review kernel package changelogs for the referenced stable commits.
Track remediation through normal vulnerability management until patched packages are deployed.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47153 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.