diff --git a/core/sme/src/common/sme_api.c b/core/sme/src/common/sme_api.c
index 7b7c6a63d9..e4b4c7b5b6 100644
--- a/core/sme/src/common/sme_api.c
+++ b/core/sme/src/common/sme_api.c
@@ -15975,12 +15975,19 @@ QDF_STATUS sme_get_beacon_frm(tHalHandle hal, tCsrRoamProfile *profile,
 		goto free_scan_flter;
 	}
 
-	/*
-	 * bss_descp->length = sizeof(tSirBssDescription) - sizeof(length_field)
-	 * - sizeof(ieFields) + ie_len;
+	/**
+	 * Length of BSS descriptor is without length of
+	 * length itself and length of pointer that holds ieFields.
+	 *
+	 * tSirBssDescription
+	 * +--------+---------------------------------+---------------+
+	 * | length | other fields                    | pointer to IEs|
+	 * +--------+---------------------------------+---------------+
+	 *                                            ^
+	 *                                            ieFields
 	 */
-	ie_len = bss_descp->length - sizeof(tSirBssDescription)
-		+ sizeof(bss_descp->length) + sizeof(bss_descp->ieFields);
+	ie_len = bss_descp->length + sizeof(bss_descp->length)
+		- (uint16_t)(offsetof(tSirBssDescription, ieFields[0]));
 	sme_debug("found bss_descriptor ie_len: %d channel %d",
 					ie_len, bss_descp->channelId);