CVE-2025-39849
Vulnerability Summary
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()

If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.
CVSS Metrics
- v3.1 • HIGH • Score: 7.8 • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 0.02% • Percentile: 7%
Techniques & Countermeasures
- CWE-787 • Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Affected Systems
- debian • debian_linux
11.0
- linux • linux
≥ dd43f8f90206054e7da7593de0a334fb2cd0ea88, < 8e751d46336205abc259ed3990e850a9843fb649 | ≥ c38c701851011c94ce3be1ccb3593678d2933fd8, < e472f59d02c82b511bc43a3f96d62ed08bf4537f | ≥ c38c701851011c94ce3be1ccb3593678d2933fd8, < 31229145e6ba5ace3e9391113376fa05b7831ede | ≥ c38c701851011c94ce3be1ccb3593678d2933fd8, < 5cb7cab7adf9b1e6a99e2081b0e30e9e59d07523 | ≥ c38c701851011c94ce3be1ccb3593678d2933fd8, < 62b635dcd69c4fde7ce1de4992d71420a37e51e3 | bf3c348c5fdcf00a7eeed04a1b83e454d2dca2e5 | ≥ 6.1.16, < 6.1.151 | ≥ 6.2.3, < 6.3 | 6.3
- linux • linux_kernel
≥ 6.1.16, < 6.1.151 | ≥ 6.2.3, < 6.6.105 | ≥ 6.7, < 6.12.46 | ≥ 6.13, < 6.16.6 | 6.17:rc1 | 6.17:rc2 | 6.17:rc3 | 6.17:rc4
References (7)
- https://git.kernel.org/stable/c/8e751d46336205abc259ed3990e850a9843fb649
- https://git.kernel.org/stable/c/e472f59d02c82b511bc43a3f96d62ed08bf4537f
- https://git.kernel.org/stable/c/31229145e6ba5ace3e9391113376fa05b7831ede
- https://git.kernel.org/stable/c/5cb7cab7adf9b1e6a99e2081b0e30e9e59d07523
- https://git.kernel.org/stable/c/62b635dcd69c4fde7ce1de4992d71420a37e51e3
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://cert-portal.siemens.com/productcert/html/ssa-032379.html