In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: fix a memory corruption
iwlfwinitriggertlv::data is a pointer to a _le32, which means that if we copy to iwlfwinitrigger_tlv::data + offset while offset is in bytes, we'll write past the buffer.