In the function wmi_set_ie, the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the "ie_len" argument can cause a buffer overflow in all Android releases from CAF using the Linux Kernel.