PT-2024-8987 · Linux · Linux Kernel
Vincent Whitchurch · Published 2024-05-24 · Updated 2024-11-27
CVE-2021-47561
| CVSS v3.1 | 7.8 (High) |
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is in the i2c virtio driver of the Linux kernel. If a transfer times out, the guest frees the request buffers while the device may still be operating on them. This can result in incorrect data on the I2C bus and/or memory corruption in the guest, and can lead to a denial of service. The virtio_i2c_xfer function is involved in the issue, and the problem can be triggered when a timeout is forced, for example, by setting a breakpoint in the backend. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling timeout support in the i2c virtio driver to minimize the risk of exploitation.
Weakness types:
Use After Free
Buffer Overflow
Affected Products:
Astra Linux
Linux Kernel
Red Os