Description: isdn: cpai: check ctr->cnr to avoid array index out of bound
References:
 https://www.openwall.com/lists/oss-security/2021/10/19/1
 https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/
Notes:
 carnil> Fixed as well in 5.14.15 in 5.14.y.
 bwh> This seems to really be a bug in the Bluetooth CMTP subsystem, which has
 bwh> been present since that was added in Linux 2.6.2.
Bugs:
upstream: released (5.15-rc6) [1f3e2e97c003f80c4b087092b225c8787ff91e4d]
5.10-upstream-stable: released (5.10.76) [7f221ccbee4ec662e2292d490a43ce6c314c4594]
4.19-upstream-stable: released (4.19.214) [7d91adc0ccb060ce564103315189466eb822cc6a]
4.9-upstream-stable: released (4.9.288) [24219a977bfe3d658687e45615c70998acdbac5a]
sid: released (5.14.16-1)
5.10-bullseye-security: released (5.10.84-1)
4.19-buster-security: released (4.19.232-1)
4.9-stretch-security: released (4.9.290-1)