diff --git a/package/mtk/drivers/warp/patches/002-warp-fix-proc-dump.patch b/package/mtk/drivers/warp/patches/002-warp-fix-proc-dump.patch
new file mode 100644
index 0000000000..6fe763c28a
--- /dev/null
+++ b/package/mtk/drivers/warp/patches/002-warp-fix-proc-dump.patch
@@ -0,0 +1,32 @@
+Index: warp/warp_proc.c
+===================================================================
+--- warp.orig/warp_proc.c
++++ warp/warp_proc.c
+@@ -452,6 +452,11 @@ warp_proc_ctrl_write(struct file *file,
+ 	char *s = value;
+ 	struct warp_entry *warp = (struct warp_entry *)PDE_DATA(file_inode(file));
+ 
++	if (len1 > 64 || len1 == 0) {
++		warp_dbg(WARP_DBG_OFF, "%s(): invalid length len1 %d!\n", __func__, len1);
++		goto end;
++	}
++
+ 	if (buff && !copy_from_user(value, buff, len1)) {
+ 		token = strsep(&s, " ");
+ 		if(!token)
+Index: warp/wdma.c
+===================================================================
+--- warp.orig/wdma.c
++++ warp/wdma.c
+@@ -65,6 +65,11 @@ dump_rx_ring_raw(struct wdma_entry *wdma
+ 	struct warp_ring *ring = &wdma->res_ctrl.rx_ctrl.rx_ring_ctrl.ring[ring_id];
+ 	u8 *addr;
+ 	u32 size;
++	if ((ring_id >= wdma->res_ctrl.rx_ctrl.rx_ring_ctrl.ring_num)
++		|| (idx >= WED_TX_RING_SIZE)) {
++		return;
++	}
++
+ 	/*WDMA Tx Ring content*/
+ 	warp_dbg(WARP_DBG_OFF, "==========WDMA RX RING RAW (%d/0x%x)==========\n",
+ 		 ring_id, idx);