CVE-2021-47561 in Linux
Summary
by MITRE • 05/24/2024
In the Linux kernel, the following vulnerability has been resolved:
i2c: virtio: disable timeout handling
If a timeout is hit, it can result is incorrect data on the I2C bus and/or memory corruptions in the guest since the device can still be operating on the buffers it was given while the guest has freed them.
Here is, for example, the start of a slub_debug splat which was triggered on the next transfer after one transfer was forced to timeout by setting a breakpoint in the backend (rust-vmm/vhost-device):
BUG kmalloc-1k (Not tainted): Poison overwritten First byte 0x1 instead of 0x6b Allocated in virtio_i2c_xfer+0x65/0x35c age=350 cpu=0 pid=29 __kmalloc+0xc2/0x1c9 virtio_i2c_xfer+0x65/0x35c __i2c_transfer+0x429/0x57d i2c_transfer+0x115/0x134 i2cdev_ioctl_rdwr+0x16a/0x1de i2cdev_ioctl+0x247/0x2ed vfs_ioctl+0x21/0x30 sys_ioctl+0xb18/0xb41 Freed in virtio_i2c_xfer+0x32e/0x35c age=244 cpu=0 pid=29 kfree+0x1bd/0x1cc virtio_i2c_xfer+0x32e/0x35c __i2c_transfer+0x429/0x57d i2c_transfer+0x115/0x134 i2cdev_ioctl_rdwr+0x16a/0x1de i2cdev_ioctl+0x247/0x2ed vfs_ioctl+0x21/0x30 sys_ioctl+0xb18/0xb41
There is no simple fix for this (the driver would have to always create bounce buffers and hold on to them until the device eventually returns the buffers), so just disable the timeout support for now.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 09/19/2025
The vulnerability identified as CVE-2021-47561 resides within the Linux kernel's i2c virtio driver implementation, representing a critical concurrency and memory management issue that affects virtualized I2C bus operations. This flaw manifests when a timeout condition occurs during I2C transfers, creating a race condition between the guest operating system and the virtualized I2c device backend. The vulnerability specifically impacts systems utilizing virtio-i2c devices, which are commonly found in virtual machine environments where the hypervisor provides I2C bus functionality to guest operating systems through virtio transport mechanisms. The issue stems from improper handling of buffer lifecycle management during timeout scenarios, where the guest kernel frees memory buffers while the underlying virtio device may still be processing data, leading to undefined behavior and potential system instability.
The technical flaw in this vulnerability involves a fundamental mismatch in buffer management protocols between the guest kernel and the virtio backend device driver. When an I2C transfer times out, the system should gracefully handle the buffer cleanup process, but instead the virtio-i2c driver fails to properly synchronize buffer states. This results in a scenario where the guest kernel deallocates memory buffers that the backend device is still actively using, creating a memory corruption condition. The slub_debug kernel diagnostic output provided in the vulnerability description demonstrates the precise nature of this issue, showing a poison byte overwrite where the first byte of allocated memory contains value 0x1 instead of the expected 0x6b, indicating that memory previously marked as freed has been overwritten by subsequent operations. The allocation and deallocation traces clearly show the problematic sequence where virtio_i2c_xfer function both allocates and frees memory in the same call chain, creating a clear path for memory corruption.
The operational impact of CVE-2021-47561 extends beyond simple data corruption, potentially enabling privilege escalation and system instability within virtualized environments. The memory corruption issues can lead to kernel panics, data integrity violations, and in severe cases, arbitrary code execution within the guest operating system. This vulnerability affects virtualized systems that rely on virtio-i2c for communication with peripheral devices, particularly impacting cloud infrastructure, containerized environments, and virtual machine deployments where I2C bus functionality is emulated through virtio interfaces. The vulnerability is particularly concerning because it operates at the kernel level within the I2C subsystem, making it difficult to detect and mitigate without kernel-level intervention. The referenced rust-vmm/vhost-device backend demonstrates that this issue is not isolated to a single implementation but represents a fundamental design flaw in how timeout conditions are handled in virtio-based I2C drivers.
The mitigation strategy for this vulnerability, as implemented in the kernel fix, involves disabling timeout handling entirely within the virtio-i2c driver. This approach, while not providing a complete solution, prevents the race condition from occurring by eliminating the problematic timeout path that leads to buffer corruption. The fix aligns with security best practices in kernel development where complex race conditions with memory safety implications are addressed by removing the problematic code path rather than attempting to implement a complex synchronization mechanism that could introduce additional vulnerabilities. This approach is consistent with the principle of least privilege and defense in depth, as it prevents the exploitation of the memory corruption vulnerability while the more comprehensive fix is developed. The decision to disable timeout handling reflects the complexity of the underlying issue, which would require significant architectural changes to implement proper bounce buffer management and buffer lifecycle synchronization. This vulnerability highlights the challenges of virtualized device drivers where the interaction between guest and host memory management creates complex scenarios that are difficult to handle correctly without careful design consideration, and aligns with CWE-362 which addresses race conditions in concurrent systems and ATT&CK technique T1059 which involves executing malicious code through kernel vulnerabilities.