In the Linux kernel, the following vulnerability has been resolved:
comedi: ni_usb6501: fix NULL-deref in command paths
The driver uses endpoint-sized USB transfer buffers but had no sanity checks on the sizes. This can lead to zero-size-pointer dereferences or overflowed transfer buffers in ni6501portcommand() and ni6501countercommand() if a (malicious) device has smaller max-packet sizes than expected (or when doing descriptor fuzz testing).
Add the missing sanity checks to probe().