CVE-2025-38159

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: rtw88: fix the &amp;#39;para&amp;#39; buffer size to avoid reading out of bounds<br /> <br /> Set the size to 6 instead of 2, since &amp;#39;para&amp;#39; array is passed to<br /> &amp;#39;rtw_fw_bt_wifi_control(rtwdev, para[0], &amp;para[1])&amp;#39;, which reads<br /> 5 bytes:<br /> <br /> void rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)<br /> {<br /> ...<br /> SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);<br /> SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));<br /> ...<br /> SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));<br /> <br /> Detected using the static analysis tool - Svace.