CVE-2021-47561
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's virtio I2C driver allows memory corruption when I2C transfers time out. This can lead to kernel crashes, data corruption, or potential privilege escalation. Affected systems are those running vulnerable Linux kernel versions with virtio I2C enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to system crash, privilege escalation, or arbitrary code execution in kernel context.
Likely Case
System instability, kernel panics, or data corruption on I2C bus communications.
If Mitigated
Minor performance impact from disabled timeout handling with no security risk.
🎯 Exploit Status
Requires ability to trigger I2C timeouts through malicious backend or timing attacks. Exploitation requires local access to I2C device interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 84e1d0bf1d7121759622dabf8fbef4c99ad597c5 and cc432b0727ce404cc13e8f6b5ce29f412c3f9f1f
Vendor Advisory: https://git.kernel.org/stable/c/84e1d0bf1d7121759622dabf8fbef4c99ad597c5
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify virtio I2C driver is loaded with patched code.
🔧 Temporary Workarounds
Disable virtio I2C driver
Remove or blacklist the virtio I2C driver to prevent loading. The module is built from i2c-virtio.c and is named i2c_virtio, so that is the name to blacklist.
echo 'blacklist i2c_virtio' >> /etc/modprobe.d/blacklist-virtio-i2c.conf
update-initramfs -u
reboot
Disable I2C device access
Remove permissions to I2C device files
chmod 000 /dev/i2c-*
setfacl -b /dev/i2c-*
🧯 If You Can't Patch
- Disable virtio I2C functionality in virtualization configuration
- Restrict I2C device access to trusted users only using file permissions
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the virtio I2C module (i2c_virtio) is loaded: lsmod | grep i2c_virtio
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is patched and check dmesg for virtio I2C driver messages indicating timeout handling disabled
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages related to virtio_i2c
- slub_debug poison overwritten errors
- I2C transfer timeout errors
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
source="kernel" AND ("virtio_i2c" OR "slub_debug" OR "Poison overwritten")
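The log indicators above, applied to kernel log text, as an added example that is not part of the original advisory. The sample lines are constructed for illustration (the driver's real message text may differ), and combining the hits into a verdict goes beyond the OR-style SIEM query.

```shell
#!/bin/sh
# Added example: triage kernel log text for the indicators listed in this advisory.

# Constructed sample log lines (illustrative, not captured from a real system).
sample_log() {
cat <<'EOF'
[  101.204511] i2c_virtio virtio3: i2c transfer timed out
[  101.204790] =============================================================
[  101.204801] BUG kmalloc-64 (Not tainted): Poison overwritten
[  101.205112] Call Trace:
[  101.205130]  virtio_i2c_xfer+0x1a4/0x2c0
[  340.118220] usb 1-1: new high-speed USB device number 4 using xhci_hcd
EOF
}

# Reads kernel log lines on stdin and prints one summary line.
# Verdicts (an assumption of this example, not a rule from the advisory):
#   investigate = driver symbol/module seen together with poison or oops output
#   review      = any single driver, timeout or poison indicator
#   clean       = none of the indicators
triage_kernel_log() {
  awk '
    { l = tolower($0) }
    l ~ /virtio_i2c|i2c_virtio/            { drv++ }     # module or function names
    l ~ /poison overwritten/               { poison++ }  # slub_debug report
    l ~ /i2c/ && l ~ /timed out|timeout/   { tmo++ }     # I2C transfer timeout
    l ~ /oops|call trace/                  { oops++ }    # kernel oops output
    END {
      verdict = "clean"
      if (drv + tmo + poison > 0) verdict = "review"
      if (drv > 0 && poison + oops > 0) verdict = "investigate"
      printf "driver=%d poison=%d timeout=%d oops=%d verdict=%s\n",
             drv, poison, tmo, oops, verdict
    }'
}

# Stand-alone run over the constructed sample.
sample_log | triage_kernel_log
```

On a live system, pipe the output of dmesg or journalctl -k into triage_kernel_log instead of the sample.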