Memory Corruption Vulnerability in Linux Kernel Affecting Wifi Configuration
CVE-2025-39849

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 September 2025

What is CVE-2025-39849?

A vulnerability in the Linux kernel related to wifi configuration has been identified, specifically concerning the handling of SSID lengths. When the SSID data length exceeds the maximum allowed limit (32 bytes), it could lead to memory corruption. This issue arises from insufficient bounds checking within the function responsible for processing connection results, __cfg80211_connect_result(). Proper validation has been implemented to mitigate this risk and ensure stability and security in wifi operations.

Affected Version(s)

Linux dd43f8f90206054e7da7593de0a334fb2cd0ea88 < 8e751d46336205abc259ed3990e850a9843fb649

Linux c38c701851011c94ce3be1ccb3593678d2933fd8

Linux c38c701851011c94ce3be1ccb3593678d2933fd8 < 31229145e6ba5ace3e9391113376fa05b7831ede

References

https://git.kernel.org/stable/c/8e751d46336205abc259ed399...

https://git.kernel.org/stable/c/e472f59d02c82b511bc43a3f9...

https://git.kernel.org/stable/c/31229145e6ba5ace3e9391113...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Apr 16, 2025