CVE-2025-39849 — Out-of-bounds Write in Linux

CWE-787 — Out-of-bounds Write16 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 94.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 19

Latest updateApr 9

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDlinux/linux_kernel6.1.16 — 6.1.151+4

▶Debianlinux/linux_kernel< 6.1.153-1+2

▶CVEListV5linux/linuxdd43f8f90206054e7da7593de0a334fb2cd0ea88 — 8e751d46336205abc259ed3990e850a9843fb649+6

Also affects: Debian Linux 11.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-wfxg-5hf2-j2vg: In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid-↗2025-09-22

▶

OSV

CVE-2025-39849: In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->d↗2025-09-19

▶

CVEList

wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()↗2025-09-19

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-04-09

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2026-04-01

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2026-03-23

▶