CVE-2021-47613

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the Linux kernel's virtio component, where the driver incorrectly assumes that the notify callback is only received when the device is done with all the queued buffers. However, the notify callback can be called without any of the queued buffers being completed, or with only some of the buffers being completed. This can lead to incorrect data on the I2C bus or memory corruption in the guest if the device operates on buffers that have been freed by the driver.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.