In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
op-cs is copied in fun->mchip_number which is used to access the mchip_offsets and the rnb_gpio arrays. These arrays have NAND_MAX_CHIPS elements, so the index must be below this limit.
Fix the sanity check in order to avoid the NAND_MAX_CHIPS value. This would lead to out-of-bound accesses.