In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwlfwinitriggertlv::data is a pointer to a _le32, which means that if we copy to iwlfwinitrigger_tlv::data + offset while offset is in bytes, we'll write past the buffer.