Lee Gibson [off-list ref] wrote:

Function wl1251_cmd_scan calls memcpy without checking the length.
Harden by checking the length is within the maximum allowed size.

Signed-off-by: Lee Gibson <redacted>

Patch applied to wireless-drivers-next.git, thanks.

d10a87a3535c wl1251: Fix possible buffer overflow in wl1251_cmd_scan

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/20210428115508.25624-1-leegib@gmail.com/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches