> overflow into adjacent allocations (fixed by VMAP_STACK).

99% fixed, but it's possible to skip over the guard page without
-fstack-check enabled (plus some edge cases need to be fixed in GCC),
unless VLAs were forbidden in addition to the existing large frame size
warning.

I'm not sure about in-tree code, but Qualcomm had some of these
improperly bounded VLA vulnerabilities in their MSM kernel...
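
The VLA concern in the message above, as an added example that is not part of the original message or of any kernel tree: a constructed pair of functions contrasting a frame sized by a caller-supplied length with a fixed, validated bound. The names `checksum_vla`, `checksum_bounded`, `MAX_REQ` and `sample` are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_REQ 256 /* assumed upper bound, chosen for this example */

/* Constructed sample input. */
static const unsigned char sample[4] = { 1, 2, 3, 4 };

/* Risky pattern: the frame size is whatever the caller passes in. A large
 * len moves the stack pointer by len bytes in a single step, so the first
 * touched address can lie past the guard page unless the compiler probes
 * each page on the way down (-fstack-check). GCC's -Wvla flags this. */
int checksum_vla(const unsigned char *src, size_t len)
{
    unsigned char tmp[len ? len : 1]; /* VLA sized by unvalidated len */
    int sum = 0;

    memcpy(tmp, src, len);
    for (size_t i = 0; i < len; i++)
        sum += tmp[i];
    return sum;
}

/* Hardened form: constant frame size, length rejected before any copy. */
int checksum_bounded(const unsigned char *src, size_t len)
{
    unsigned char tmp[MAX_REQ];
    int sum = 0;

    if (len > sizeof(tmp))
        return -EINVAL;
    memcpy(tmp, src, len);
    for (size_t i = 0; i < len; i++)
        sum += tmp[i];
    return sum;
}

int main(void)
{
    printf("in range: %d\n", checksum_bounded(sample, sizeof(sample)));
    printf("too long: %d\n", checksum_bounded(sample, MAX_REQ + 1));
    return 0;
}
```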
