The change If6d559a3aa7b8719a515e00e271e313c02f8135f has modified
few attribute types from NLA_UNSPEC to NLA_BINARY. But NLA_BINARY
validates only for max length and doesn't validate min length.
This could cause buffer overread if userspace sends less data as
the driver reads fixed length(e.g. 6 bytes for mac_addr) always.
Use VENDOR_NLA_POLICY_MAC_ADDR(NLA_POLICY_ETH_ADDR) or
NLA_EXACT_LEN instead of NLA_UNSPEC which validates for
exact length.
Change-Id: I92cc29716dff29037d14ffd2e269761149c7f74b
CRs-Fixed: 2700695
6f6a3e666d