In the Linux kernel, the following vulnerability has been resolved:
soundwire: qcom: fix storing port config out-of-bounds
The qcom_swrm_ctrl->pconfig has size of QCOM_SDW_MAX_PORTS (14), however we index it starting from 1, not 0, to match real port numbers. This can lead to writing port config past pconfig bounds and overwriting next member of qcom_swrm_ctrl struct. Reported also by smatch:
drivers/soundwire/qcom.c:1269 qcom_swrm_get_port_config() error: buffer overflow ctrl->pconfig 14 <= 14