CVE-2026-7763
June 5, 2026, 2:17 a.m.
None
No Score
Description
A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service (kernel panic) or potentially achieve Remote Code Execution via a crafted 802.11ah beacon frame containing a malformed Traffic Indication Map (TIM) Information Element. The function morse_page_slicing_process_tim_element() in page_slicing.c derives the TIM bitmap length directly from a received IE field without validating it against the fixed-size destination buffer before passing it to memset and memcpy operations, allowing up to 252 bytes of attacker-controlled data to be written beyond the buffer boundary. Because beacons are broadcast frames processed during passive scanning, no authentication, association, or user interaction is required.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Morse |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | morse | morse_halowlink | <2.11.13 | / | / | / | / | / | / | / |
Tags
Timeline
Published: June 5, 2026, 2:17 a.m.
Last Modified: June 5, 2026, 2:17 a.m.
Last Modified: June 5, 2026, 2:17 a.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
4ac701fe-44e9-4bcd-9585-dd6449257611
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.