Wind River Support Network

Fixed

LIN1022-19092 : Security Advisory - linux - CVE-2023-53717

Created: Oct 23, 2025    Updated: Oct 26, 2025
Resolved Date: Oct 26, 2025
Found In Version: 10.22.33.1
Fix Version: 10.22.33.8
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()

Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that could no longer be valid when a timeout occurs. Set wmi->last_seq_id to 0 when a timeout occurred.

Found by a modified version of syzkaller.

BUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx
Write of size 4
Call Trace:
 memcpy
 ath9k_wmi_ctrl_rx
 ath9k_htc_rx_msg
 ath9k_hif_usb_reg_in_cb
 __usb_hcd_giveback_urb
 usb_hcd_giveback_urb
 dummy_timer
 call_timer_fn
 run_timer_softirq
 __do_softirq
 irq_exit_rcu
 sysvec_apic_timer_interrupt
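The stale-buffer pattern described above, as an added user-space model in C (not the kernel's or Wind River's code). The struct, the helper names and the rule that sequence id 0 means "no command in flight" are assumptions of this model; only cmd_rsp_buf and last_seq_id are names taken from the advisory text. A static array stands in for the caller's stack slot so the late write can be observed safely.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model of the command/response state (assumed layout). */
struct wmi_model {
    void    *cmd_rsp_buf;   /* destination the response callback copies to */
    size_t   cmd_rsp_len;
    uint16_t last_seq_id;   /* id of the command in flight; 0 = none (assumed) */
    uint16_t tx_seq_id;
};

/* Stand-in for the caller's stack buffer. In the real bug this memory
 * belongs to a frame that has already returned after the timeout. */
static uint8_t frame_slot[4];

/* Response path: copy only if the response matches the command in flight. */
static int rsp_rx(struct wmi_model *w, uint16_t seq, const void *data)
{
    if (seq != w->last_seq_id)
        return 0;                          /* stale or unknown: dropped */
    memcpy(w->cmd_rsp_buf, data, w->cmd_rsp_len);
    return 1;                              /* copied into cmd_rsp_buf */
}

/* Command path in which the wait for the response times out. */
static uint16_t cmd_timeout(struct wmi_model *w, int with_fix)
{
    uint16_t seq = ++w->tx_seq_id;         /* ids start at 1 in this model */
    w->last_seq_id = seq;
    w->cmd_rsp_buf = frame_slot;
    w->cmd_rsp_len = sizeof(frame_slot);
    /* ... the wait for completion expires here ... */
    if (with_fix)
        w->last_seq_id = 0;                /* the fix: invalidate on timeout */
    return seq;
}

/* Returns 1 if a late response still wrote into the dead buffer. */
int late_response_writes(int with_fix)
{
    static const uint8_t rsp[4] = { 0xAA, 0xBB, 0xCC, 0xDD }; /* constructed */
    static const uint8_t zero[4] = { 0 };
    struct wmi_model w = { 0 };
    uint16_t seq = cmd_timeout(&w, with_fix);

    memset(frame_slot, 0, sizeof(frame_slot)); /* frame is gone / reused */
    rsp_rx(&w, seq, rsp);                      /* response arrives late */
    return memcmp(frame_slot, zero, sizeof(frame_slot)) != 0;
}
```

Without the reset, the late response passes the sequence check and performs the 4-byte copy that KASAN reported; with it, the response is dropped before the copy.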
