The Linux kernel is vulnerable to a resource leak in the ACPI I2C reconfiguration device addition. This occurs because `acpi_i2c_find_adapter_by_handle()` calls `bus_find_device()`, which takes a reference on the adapter that is never released, resulting in a reference count leak and rendering the adapter unremovable.
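
The leak described above, reduced to a userspace C model (an added example, not code from the kernel or from this announcement): a lookup that takes a reference, as `bus_find_device()` does, called from a handler that never drops it and from one that does. The `model_*` and `reconfig_add_*` names, the sample bus and the "removable at one reference" rule are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model, hypothetical names; not the kernel's struct device API. */
struct model_dev { const char *handle; int refcount; };

/* Constructed sample bus: each adapter starts with its owner's one reference. */
static struct model_dev bus[] = { { "I2C0", 1 }, { "I2C1", 1 } };

static struct model_dev *model_lookup(const char *handle) {
    for (size_t i = 0; i < sizeof(bus) / sizeof(bus[0]); i++)
        if (strcmp(bus[i].handle, handle) == 0)
            return &bus[i];
    return NULL;
}

/* Like bus_find_device(): a successful find returns with a reference taken. */
static struct model_dev *model_find_device(const char *handle) {
    struct model_dev *d = model_lookup(handle);
    if (d) d->refcount++;
    return d;
}

/* Leaky handler: never drops the find's reference. Returns refcount, or -1. */
static int reconfig_add_leaky(const char *handle) {
    struct model_dev *adap = model_find_device(handle);
    return adap ? adap->refcount : -1;
}

/* Balanced handler: the reference from the find is dropped after use. */
static int reconfig_add_balanced(const char *handle) {
    struct model_dev *adap = model_find_device(handle);
    return adap ? --adap->refcount : -1;
}

/* In this model an adapter is removable only at the owner's single reference. */
static int model_can_remove(const char *handle) {
    struct model_dev *d = model_lookup(handle);
    return d && d->refcount == 1;
}

int main(void) {
    for (int i = 0; i < 3; i++) {
        reconfig_add_leaky("I2C0");
        reconfig_add_balanced("I2C1");
    }
    printf("I2C0 removable=%d, I2C1 removable=%d\n", model_can_remove("I2C0"), model_can_remove("I2C1"));
    return 0;
}
```

Each device-addition event handled by the leaky variant raises the count by one, so the modelled adapter never returns to a removable state.
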
This vulnerability was introduced in kernel version 4.8 with commit 525e6fabeae2 and has been fixed in various later kernel versions, including 4.14.251, 4.19.211, 5.4.153, 5.10.73, and 5.15.
The affected file is `drivers/i2c/i2c-core-acpi.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue. If updating is not possible, individual changes can be cherry-picked from specific commits, but this approach is not recommended or supported by the Linux kernel community.
The vulnerability has been assigned CVE-2021-47425 and the official CVE entry will be updated if fixes are backported to older supported kernel versions.