An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
Related bugs and status
CVE-2019-16746 (Candidate)
is related to these bugs: