[Pixel 6 Security] 3, Treat &session_status as bcm_xtlv_t*:WL_PROXD_TLV_ID_LCI
Details
In rttunpackxtlvcbfn of dhdrtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.