In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: rndis: prevent integer overflow in rndis_set_response()

If "BufOffset" is very large the "BufOffset + 8" operation can have an
integer overflow.