Linux-4.6/drivers/platform/chrome/cros_ec_dev.c suffers from a double-fetch vulnerability that can lead to a race condition and buffer overflow.