CVE-2025-39849
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()
If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would
lead to memory corruption so add some bounds checking.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's wifi component (cfg80211) occurs when the SSID length exceeds the maximum allowed length of 32 bytes (IEEE80211_MAX_SSID_LEN). Without proper bounds checking, this can lead to memory corruption in the __cfg80211_connect_result() function.
How can this vulnerability impact me? :
The memory corruption caused by an SSID length exceeding the maximum limit could potentially lead to system instability, crashes, or exploitation by attackers to execute arbitrary code or cause denial of service.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70