CVE-2025-39849

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()

If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdd43f8f90206054e7da7593de0a334fb2cd0ea88 < 8e751d46336205abc259ed3990e850a9843fb649affected
LinuxLinuxc38c701851011c94ce3be1ccb3593678d2933fd8 < e472f59d02c82b511bc43a3f96d62ed08bf4537faffected
LinuxLinuxc38c701851011c94ce3be1ccb3593678d2933fd8 < 31229145e6ba5ace3e9391113376fa05b7831edeaffected
LinuxLinuxc38c701851011c94ce3be1ccb3593678d2933fd8 < 5cb7cab7adf9b1e6a99e2081b0e30e9e59d07523affected
LinuxLinuxc38c701851011c94ce3be1ccb3593678d2933fd8 < 62b635dcd69c4fde7ce1de4992d71420a37e51e3affected
LinuxLinuxbf3c348c5fdcf00a7eeed04a1b83e454d2dca2e5affected
LinuxLinux6.1.16 < 6.1.151affected
LinuxLinux6.2.3 < 6.3affected
LinuxLinux6.3affected
LinuxLinux0 < 6.3unaffected
LinuxLinux6.1.151 <= 6.1.*unaffected
LinuxLinux6.6.105 <= 6.6.*unaffected
LinuxLinux6.12.46 <= 6.12.*unaffected
LinuxLinux6.16.6 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References