PT-2025-38556 · Linux+9 · Linux Kernel+9

Published 2025-08-29 · Updated 2026-05-07 · CVE-2025-39849

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel’s wifi subsystem related to SSID length handling within the __cfg80211_connect_result() function. Specifically, insufficient bounds checking on the ssid->datalen variable, when it exceeds the maximum allowed SSID length (IEEE80211_MAX_SSID_LEN, which is 32 bytes), can lead to memory corruption.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2025:18281
ALSA-2025:19102
ALSA-2025:19103
AZL-67520
BDU:2025-13881
CESA-2025_19102
CESA-2025_19103
CVE-2025-39849
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-83E8-6747-3085
INFESA-2025_0006
INFSA-2025_18281
INFSA-2025_19102
INFSA-2025_19103
INFSA-2025_21112
OPENSUSE-SU-2025:20081-1
RHSA-2025:18281
RHSA-2025:19102
RHSA-2025:19103
RHSA-2025:19106
RHSA-2025:21112
RHSA-2025:21118
RHSA-2025_18281
RHSA-2025_19102
RHSA-2025_19103
RHSA-2025_21112
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu