The following issues were found

drivers/net/phy/mscc/mscc_macsec.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 714 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		if (IS_ERR(flow))
			return PTR_ERR(flow);

		memcpy(flow->key, ctx->sa.key, priv->secy->key_len);
	}

	flow->assoc_num = ctx->sa.assoc_num;
	flow->rx_sa = ctx->sa.rx_sa;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 741 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		if (IS_ERR(flow))
			return PTR_ERR(flow);

		memcpy(flow->key, ctx->sa.key, priv->secy->key_len);
	}

	flow->assoc_num = ctx->sa.assoc_num;
	flow->tx_sa = ctx->sa.tx_sa;

Reported by FlawFinder.

drivers/net/phy/mscc/mscc_main.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 453 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              				    u32 *default_mode)
{
	struct vsc8531_private *priv = phydev->priv;
	char led_dt_prop[28];
	int i, ret;

	for (i = 0; i < priv->nleds; i++) {
		ret = sprintf(led_dt_prop, "vsc8531,led-%d-mode", i);
		if (ret < 0)

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 457 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	int i, ret;

	for (i = 0; i < priv->nleds; i++) {
		ret = sprintf(led_dt_prop, "vsc8531,led-%d-mode", i);
		if (ret < 0)
			return ret;

		ret = vsc85xx_dt_led_mode_get(phydev, led_dt_prop,
					      default_mode[i]);

Reported by FlawFinder.

drivers/net/phy/mscc/mscc_ptp.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 419 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	sig[2] = ptphdr->domain;
	sig[3] = ptphdr->tsmt & GENMASK(3, 0);

	memcpy(&sig[4], ethhdr->h_dest, ETH_ALEN);

	/* Fill the last bytes of the signature to reach a 16B signature */
	for (i = 10; i < 16; i++)
		sig[i] = ptphdr->tsmt & GENMASK(3, 0);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1493 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	vsc8531->mii_ts.ts_info  = vsc85xx_ts_info;
	phydev->mii_ts = &vsc8531->mii_ts;

	memcpy(&vsc8531->ptp->caps, &vsc85xx_clk_caps, sizeof(vsc85xx_clk_caps));

	vsc8531->ptp->ptp_clock = ptp_clock_register(&vsc8531->ptp->caps,
						     &phydev->mdio.dev);
	return PTR_ERR_OR_ZERO(vsc8531->ptp->ptp_clock);
}

Reported by FlawFinder.

drivers/net/rionet.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 62 Column: 7 CWE codes: 362 

              	spinlock_t lock;
	spinlock_t tx_lock;
	u32 msg_enable;
	bool open;
};

struct rionet_peer {
	struct list_head node;
	struct rio_dev *rdev;

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 627 Column: 13 CWE codes: 362 

              			 DRV_NAME, __func__, rio_name(rdev));

		/* If netdev is already opened, send join request to new peer */
		if (rnet->open)
			rio_send_doorbell(peer->rdev, RIONET_DOORBELL_JOIN);
	}

	return 0;
out:

Reported by FlawFinder.

drivers/net/team/team_mode_loadbalance.c
2 issues
The address of local variable 'lhash' is accessed at non-zero index.
Error

Line: 202 CWE codes: 758 

              		return 0;
	lhash = BPF_PROG_RUN(fp, skb);
	c = (char *) &lhash;
	return c[0] ^ c[1] ^ c[2] ^ c[3];
}

static void lb_update_tx_stats(unsigned int tx_bytes, struct lb_priv *lb_priv,
			       struct lb_port_priv *lb_port_priv,
			       unsigned char hash)

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 446 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
static void __lb_stats_info_refresh_prepare(struct lb_stats_info *s_info)
{
	memcpy(&s_info->last_stats, &s_info->stats, sizeof(struct lb_stats));
	memset(&s_info->stats, 0, sizeof(struct lb_stats));
}

static bool __lb_stats_info_refresh_check(struct lb_stats_info *s_info,
					  struct team *team)

Reported by FlawFinder.

drivers/net/usb/aqc111.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 441 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			   2, &reg16);

	if (dev->net->mtu > 12500) {
		memcpy(buf, &AQC111_BULKIN_SIZE[2], 5);
		/* RX bulk configuration */
		aqc111_write_cmd(dev, AQ_ACCESS_MAC, SFR_RX_BULKIN_QCTRL,
				 5, 5, buf);
	}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 861 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (dev->net->mtu > 12500 && dev->net->mtu <= 16334)
		queue_num = 2; /* For Jumbo packet 16KB */

	memcpy(buf, &AQC111_BULKIN_SIZE[queue_num], 5);
	/* RX bulk configuration */
	aqc111_write_cmd(dev, AQ_ACCESS_MAC, SFR_RX_BULKIN_QCTRL, 5, 5, buf);

	/* Set high low water level */
	if (dev->net->mtu <= 4500)

Reported by FlawFinder.

drivers/net/usb/catc.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 491 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	urb->dev = usbdev;

	if (!q->dir && q->buf && q->len)
		memcpy(catc->ctrl_buf, q->buf, q->len);

	if ((status = usb_submit_urb(catc->ctrl_urb, GFP_ATOMIC)))
		dev_err(&catc->usbdev->dev, "submit(ctrl_urb) status %d\n",
			status);
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 515 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	if (q->dir) {
		if (q->buf && q->len)
			memcpy(q->buf, catc->ctrl_buf, q->len);
		else
			q->buf = catc->ctrl_buf;
	}

	if (q->callback)

Reported by FlawFinder.

drivers/net/ethernet/intel/fm10k/fm10k_mbx.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 247 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	/* copy end of message before start of message */
	if (end < len)
		memcpy(fifo->buffer, msg + end, (len - end) << 2);
	else
		end = len;

	/* Copy remaining message into Tx FIFO */
	memcpy(tail, msg, end << 2);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 252 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		end = len;

	/* Copy remaining message into Tx FIFO */
	memcpy(tail, msg, end << 2);
}

/**
 *  fm10k_fifo_enqueue - Enqueues the message to the tail of the FIFO
 *  @fifo: pointer to FIFO

Reported by FlawFinder.

drivers/net/wireless/intel/iwlwifi/mvm/sf.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 144 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			     sizeof(__le32) * SF_NUM_SCENARIO *
			     SF_NUM_TIMEOUT_TYPES);

		memcpy(sf_cmd->full_on_timeouts, sf_full_timeout,
		       sizeof(sf_full_timeout));
	} else {
		BUILD_BUG_ON(sizeof(sf_full_timeout_def) !=
			     sizeof(__le32) * SF_NUM_SCENARIO *
			     SF_NUM_TIMEOUT_TYPES);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 151 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			     sizeof(__le32) * SF_NUM_SCENARIO *
			     SF_NUM_TIMEOUT_TYPES);

		memcpy(sf_cmd->full_on_timeouts, sf_full_timeout_def,
		       sizeof(sf_full_timeout_def));
	}

}

Reported by FlawFinder.

drivers/net/usb/dm9601.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 334 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return -EINVAL;
	}

	memcpy(net->dev_addr, addr->sa_data, net->addr_len);
	__dm9601_set_mac_address(dev);

	return 0;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 394 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	 * Overwrite the auto-generated address only with good ones.
	 */
	if (is_valid_ether_addr(mac))
		memcpy(dev->net->dev_addr, mac, ETH_ALEN);
	else {
		printk(KERN_WARNING
			"dm9601: No valid MAC address in EEPROM, using %pM\n",
			dev->net->dev_addr);
		__dm9601_set_mac_address(dev);

Reported by FlawFinder.