In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix possible out-of-bound read in ath12khttpullppdustats()
len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid possible out-of-bound read in the following message iteration and parsing.
The same issue also applies to ppduinfo->ppdustats.common.num_users, so validate it before using too.
These are found during code review.
Compile test only.