Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.1.16, < 6.1.151 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/31229145e6ba5ace3e9391113376fa05b7831edePatch
- https://git.kernel.org/stable/c/5cb7cab7adf9b1e6a99e2081b0e30e9e59d07523Patch
- https://git.kernel.org/stable/c/62b635dcd69c4fde7ce1de4992d71420a37e51e3Patch
- https://git.kernel.org/stable/c/8e751d46336205abc259ed3990e850a9843fb649Patch
- https://git.kernel.org/stable/c/e472f59d02c82b511bc43a3f96d62ed08bf4537fPatch
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlMailing ListThird Party Advisory
- https://cert-portal.siemens.com/productcert/html/ssa-032379.html
FAQ
What is CVE-2025-39849?
CVE-2025-39849 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) ...
How severe is CVE-2025-39849?
CVE-2025-39849 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-39849?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.