@plaugg "Most importantly, due to the lack of
checks on len, and given that tmp is a simple 32-byte stack array, this
introduces a trivially exploitable kernel stack buffer overflow able to be
performed by any unprivileged user."

That's effectively a backdoor.