In the Linux kernel, the following vulnerability has been resolved:
mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length
No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sg_miter's length.
Limit the number of transmitted bytes to sgm->length.