I'm not sure if there is always a patch for the corresponding CVE? And what if patch_a doesn't fix the CVE properly and then here comes patch_b, so there are two patches to fix one certain CVE. In this case, will the CVE reference be updated?
To give a correct answer, we have to check the CVE publication process.
To begin, the person who finds a vulnerability has to tell the editor of the impacted product. After that, the editor has a period in which to provide a patch. After this period, the vulnerability is published.
Usually the editor has already created a patch, and the website that publishes the CVE gives a link to the patch. But sometimes, after the period, there is no patch. Sometimes the editor makes the decision not to provide a patch. There are many reasons for that:
For the second question: usually, when a patch does not properly fix a vulnerability, a second CVE ID is created with a new patch.