CVE-2025-39849

HIGH

Linux Kernel - Out-of-bounds Write in WiFi SSID Length Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.

References (7)

Core 7

Core References

Third Party Advisory, Mailing List

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

Patch

https://git.kernel.org/stable/c/8e751d46336205abc259ed3990e850a9843fb649

Patch

https://git.kernel.org/stable/c/e472f59d02c82b511bc43a3f96d62ed08bf4537f

Patch

https://git.kernel.org/stable/c/31229145e6ba5ace3e9391113376fa05b7831ede

Patch

https://git.kernel.org/stable/c/5cb7cab7adf9b1e6a99e2081b0e30e9e59d07523

Patch

https://git.kernel.org/stable/c/62b635dcd69c4fde7ce1de4992d71420a37e51e3

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 6.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (22)

debian/debian_linux 11.0

linux/Kernel < 6.1.151linux

linux/Kernel 6.2.0 - 6.6.105linux

linux/Kernel 6.3.0 - 6.12.46linux

linux/Kernel 6.7.0 - 6.16.6linux

Linux/Linux < 6.3

Linux/Linux 6.1.151 - 6.1.*

Linux/Linux 6.1.16 - 6.1.151

Linux/Linux 6.12.46 - 6.12.*

Linux/Linux 6.16.6 - 6.16.*

... and 12 more

Published Sep 19, 2025

Tracked Since Feb 18, 2026