Baochen Qiang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a possible out-of-bound read in the `ath12k htt pull ppdu stats()` function. The `len` value is extracted from an HTT message and could be an unexpected value in case of errors, potentially leading to an out-of-bound read. The same issue applies to `ppdu info->ppdu stats.common.num users`. Validation has been added to prevent this issue. The problem was discovered during a code review. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a possible out-of-bound write in the `ath12k wmi ext hal reg caps()` function. The `reg cap.phy id` is extracted from a WMI event and could be an unexpected value in case of errors, leading to an out-of-bound write to `soc->hal reg cap`. This is fixed by validating `reg cap.phy id` before using it. The issue was found during a code review. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.