LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47613: i2c: virtio: fix completion handling

In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling The driver currently assumes that the notify callback is only received when the device is done with all the queued buffers. However, this is not true, since the notify callback could be called without any of the queued buffers being completed (for example, with virtio-pci and shared interrupts) or with only some of the buffers being completed (since the driver makes them available to the device in multiple separate virtqueue_add_sgs() calls). This can lead to incorrect data on the I2C bus or memory corruption in the guest if the device operates on buffers which are have been freed by the driver. (The WARN_ON in the driver is also triggered.) BUG kmalloc-128 (Tainted: G W ): Poison overwritten First byte 0x0 instead of 0x6b Allocated in i2cdev_ioctl_rdwr+0x9d/0x1de age=243 cpu=0 pid=28 memdup_user+0x2e/0xbd i2cdev_ioctl_rdwr+0x9d/0x1de i2cdev_ioctl+0x247/0x2ed vfs_ioctl+0x21/0x30 sys_ioctl+0xb18/0xb41 Freed in i2cdev_ioctl_rdwr+0x1bb/0x1de age=68 cpu=0 pid=28 kfree+0x1bd/0x1cc i2cdev_ioctl_rdwr+0x1bb/0x1de i2cdev_ioctl+0x247/0x2ed vfs_ioctl+0x21/0x30 sys_ioctl+0xb18/0xb41 Fix this by calling virtio_get_buf() from the notify handler like other virtio drivers and by actually waiting for all the buffers to be completed.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel virtio I2C driver flaw. In affected kernels, the driver may treat unfinished I/O buffers as complete, which can corrupt guest memory or send incorrect data on the I2C bus. Exposure appears limited to systems using virtio I2C rather than all Linux systems.

Executive priority

Treat as a targeted kernel maintenance issue, not a broad internet-facing emergency based on the provided evidence. Prioritize patch validation for virtualized workloads using virtio I2C, especially where guest integrity matters.

Technical view

The virtio I2C driver mishandles virtqueue completion notifications. A callback may arrive with no buffers, or only some buffers, completed. The driver could then free buffers still used by the device, causing use-after-free style guest memory corruption and bad I2C transactions.

Likely exposure

Most relevant to virtualized Linux guests or environments that expose virtio I2C devices. The source lists Linux 5.15-era versions as affected, with stable kernel commits referenced as fixes. Systems not using the virtio I2C driver are less likely to be exposed.

Exploitation context

The bundle does not cite active exploitation, public exploit code, or CISA KEV listing. Practical exploitation details are not established here. The reported impact is incorrect I2C data or guest memory corruption when completion handling races or partial completions occur.

Researcher notes

The evidence describes a completion-handling bug fixed by using virtio_get_buf() in the notify handler and waiting for all buffers. The bundle does not provide CVSS, CWE, exploit prerequisites, or host-impact claims, so scope should be validated locally.

Mitigation direction

  • Update affected Linux kernels to versions containing the referenced stable fixes.
  • Check Linux distribution advisories for backported fixes and supported kernel packages.
  • Prioritize virtualized systems that use virtio I2C devices.
  • Avoid assuming all Linux hosts are affected without driver and device exposure evidence.

Validation and detection

  • Inventory running kernel versions on systems using virtio I2C.
  • Confirm whether the virtio_i2c driver or virtio I2C device is present.
  • Verify installed kernel packages include the referenced stable fixes or vendor backports.
  • Review kernel logs for related WARN_ON or memory corruption reports.
Prepared
Confidence
medium
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47613 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
3Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux3cfc88380413d20f777dc6648a38f683962e52bf, 3cfc88380413d20f777dc6648a38f683962e52bfunaffected
LinuxLinux5.15, 0, 5.15.10, 5.16affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.