diff --git a/core/mac/src/pe/lim/lim_process_deauth_frame.c b/core/mac/src/pe/lim/lim_process_deauth_frame.c
index ae79062215..4b915f5a23 100644
--- a/core/mac/src/pe/lim/lim_process_deauth_frame.c
+++ b/core/mac/src/pe/lim/lim_process_deauth_frame.c
@@ -75,6 +75,11 @@ lim_process_deauth_frame(tpAniSirGlobal pMac, uint8_t *pRxPacketInfo,
 
 	pBody = WMA_GET_RX_MPDU_DATA(pRxPacketInfo);
 	frame_rssi = (int32_t)WMA_GET_RX_RSSI_NORMALIZED(pRxPacketInfo);
+	frameLen = WMA_GET_RX_PAYLOAD_LEN(pRxPacketInfo);
+	if (frameLen < sizeof(reasonCode)) {
+		pe_err("Deauth Frame length invalid %d", frameLen);
+		return ;
+	}
 
 	if (LIM_IS_STA_ROLE(psessionEntry) &&
 	    ((eLIM_SME_WT_DISASSOC_STATE == psessionEntry->limSmeState) ||
@@ -126,7 +131,6 @@ lim_process_deauth_frame(tpAniSirGlobal pMac, uint8_t *pRxPacketInfo,
 
 		/* If the frame received is unprotected, forward it to the supplicant to initiate */
 		/* an SA query */
-		frameLen = WMA_GET_RX_PAYLOAD_LEN(pRxPacketInfo);
 
 		/* send the unprotected frame indication to SME */
 		lim_send_sme_unprotected_mgmt_frame_ind(pMac, pHdr->fc.subType,