CVE-2026-10664
CVE-2026-10664 reports an out-of-bounds write in the nRF70 Wi‑Fi driver power-save event handler (nrf_wifi_event_proc_get_power_save_info). The handler copies TWT entries from a power-save info event into a fixed-size twt_flows[8], iterating up to num_twt_flows without validating against WIFI_MAX...