In the Linux kernel, the following vulnerability has been resolved:
i2c: mlxbf: prevent stack overflow in mlxbfi2csmbusstarttransaction()
memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.