An issue was found in Linux kernel before 5.5.4. mwifiexretwmmgetstatus() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
{ "urgency": "not yet assigned" }