In the Linux kernel, the following vulnerability has been resolved:
i2c: virtio: fix completion handling
The driver currently assumes that the notify callback is only received
when the device is done with all the queued buffers.
However, this is not true, since the notify callback could be called
without any of the queued buffers being completed (for example, with
virtio-pci and shared interrupts) or with only some of the buffers being
completed (since the driver makes them available to the device in
multiple separate virtqueue_add_sgs() calls).
This can lead to incorrect data on the I2C bus or memory corruption in
the guest if the device operates on buffers which are have been freed by
the driver. (The WARN_ON in the driver is also triggered.)
BUG kmalloc-128 (Tainted: G W ): Poison overwritten
First byte 0x0 instead of 0x6b
Allocated in i2cdev_ioctl_rdwr+0x9d/0x1de age=243 cpu=0 pid=28
memdup_user+0x2e/0xbd
i2cdev_ioctl_rdwr+0x9d/0x1de
i2cdev_ioctl+0x247/0x2ed
vfs_ioctl+0x21/0x30
sys_ioctl+0xb18/0xb41
Freed in i2cdev_ioctl_rdwr+0x1bb/0x1de age=68 cpu=0 pid=28
kfree+0x1bd/0x1cc
i2cdev_ioctl_rdwr+0x1bb/0x1de
i2cdev_ioctl+0x247/0x2ed
vfs_ioctl+0x21/0x30
sys_ioctl+0xb18/0xb41
Fix this by calling virtio_get_buf() from the notify handler like other
virtio drivers and by actually waiting for all the buffers to be
completed.
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel virtio I2C driver flaw. In affected kernels, the driver may treat unfinished I/O buffers as complete, which can corrupt guest memory or send incorrect data on the I2C bus. Exposure appears limited to systems using virtio I2C rather than all Linux systems.
Executive priority
Treat as a targeted kernel maintenance issue, not a broad internet-facing emergency based on the provided evidence. Prioritize patch validation for virtualized workloads using virtio I2C, especially where guest integrity matters.
Technical view
The virtio I2C driver mishandles virtqueue completion notifications. A callback may arrive with no buffers, or only some buffers, completed. The driver could then free buffers still used by the device, causing use-after-free style guest memory corruption and bad I2C transactions.
Likely exposure
Most relevant to virtualized Linux guests or environments that expose virtio I2C devices. The source lists Linux 5.15-era versions as affected, with stable kernel commits referenced as fixes. Systems not using the virtio I2C driver are less likely to be exposed.
Exploitation context
The bundle does not cite active exploitation, public exploit code, or CISA KEV listing. Practical exploitation details are not established here. The reported impact is incorrect I2C data or guest memory corruption when completion handling races or partial completions occur.
Researcher notes
The evidence describes a completion-handling bug fixed by using virtio_get_buf() in the notify handler and waiting for all buffers. The bundle does not provide CVSS, CWE, exploit prerequisites, or host-impact claims, so scope should be validated locally.
Mitigation direction
Update affected Linux kernels to versions containing the referenced stable fixes.
Check Linux distribution advisories for backported fixes and supported kernel packages.
Prioritize virtualized systems that use virtio I2C devices.
Avoid assuming all Linux hosts are affected without driver and device exposure evidence.
Validation and detection
Inventory running kernel versions on systems using virtio I2C.
Confirm whether the virtio_i2c driver or virtio I2C device is present.
Verify installed kernel packages include the referenced stable fixes or vendor backports.
Review kernel logs for related WARN_ON or memory corruption reports.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-47613 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.