Vendor: Wi-Fi HardMAC SoCs
By: Project Zero
CVSS: 7,8 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Wi-Fi HardMAC SoCs
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Android
2017

Broadcom Wi-Fi HardMAC SoCs Vulnerability

When the dongle wishes to notify the host OS of an event, it does so by encoding a special 'packet' and transmitting it to the host. These packets have an ether type of 0x886C (referred to as ETHER_TYPE_BRCM), and do not contain actual packet data, but rather encapsulate information about events which must be handled by the driver. When the event code 'WLC_E_PFN_SWC' is received, the gscan handler function calls 'dhd_handle_swc_evt' in order to process the event's data, but fails to check the size of the allocated memory, leading to a buffer overflow vulnerability.
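The kind of size check the handler described above lacks, shown on a simplified model as an added example; this is not the driver's code. The payload layout, `ENTRY_SIZE`, and the names `swc_state`, `swc_accumulate` and `swc_demo` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ETHER_TYPE_BRCM 0x886C  /* ether type of event packets (from the page) */
#define ENTRY_SIZE 8            /* assumed size of one result entry */
/* Hypothetical state kept across events; the caller zero-initialises it. */
struct swc_state {
    uint8_t *buf;               /* allocated when the first event arrives */
    uint16_t total, rxed;       /* entries allocated for / copied so far */
};

/* Assumed payload: u16 pkt_count, u16 total_count (little endian), then
 * pkt_count entries. Returns 0 if accepted, -1 if rejected. */
int swc_accumulate(struct swc_state *st, uint16_t ether_type,
                   const uint8_t *data, size_t len)
{
    if (ether_type != ETHER_TYPE_BRCM || len < 4)
        return -1;
    uint16_t pkt_count = (uint16_t)(data[0] | (data[1] << 8));
    uint16_t total_count = (uint16_t)(data[2] | (data[3] << 8));
    /* The entries the header claims must actually be present in the event. */
    if ((len - 4) / ENTRY_SIZE < pkt_count)
        return -1;
    if (st->buf == NULL) {      /* first event sizes the buffer */
        st->buf = total_count ? malloc((size_t)total_count * ENTRY_SIZE) : NULL;
        if (st->buf == NULL)
            return -1;
        st->total = total_count;
    }
    /* Bound every copy by the space left in the allocation. */
    if (pkt_count > st->total - st->rxed)
        return -1;
    memcpy(st->buf + (size_t)st->rxed * ENTRY_SIZE, data + 4,
           (size_t)pkt_count * ENTRY_SIZE);
    st->rxed += pkt_count;
    return 0;
}

/* Constructed events: buffer sized for 2 entries; the 2nd event would overrun it. */
int swc_demo(void)
{
    static const uint8_t ev1[4 + 1 * ENTRY_SIZE] = {1, 0, 2, 0};
    static const uint8_t ev2[4 + 2 * ENTRY_SIZE] = {2, 0, 2, 0};
    struct swc_state st = {0};
    int ok = swc_accumulate(&st, ETHER_TYPE_BRCM, ev1, sizeof ev1) == 0 &&
             swc_accumulate(&st, ETHER_TYPE_BRCM, ev2, sizeof ev2) == -1;
    free(st.buf);
    return ok && st.rxed == 1;
}
```

Both length checks are needed: the first ties the claimed entry count to the bytes actually received, the second ties it to the buffer that was allocated earlier.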

Mitigation:

Update to the latest version of the Broadcom Wi-Fi HardMAC SoCs.