CVE-2026-7763

Vulnerability

A heap-based buffer overflow exists in the morse.ko HaLow Wi-Fi kernel driver within Morse Micro HaLowLink 2 software versions prior to 2.11.13. The vulnerability is triggered by a malformed Traffic Indication Map (TIM) Information Element within an 802.11ah beacon frame. The function morse_page_slicing_process_tim_element() in page_slicing.c incorrectly derives the TIM bitmap length from the received IE without validating it against the destination buffer size, leading to writes beyond the buffer boundary via memset and memcpy operations. [1]

Exploitation

An unauthenticated attacker within radio range can exploit this vulnerability by sending a crafted 802.11ah beacon frame containing a malformed TIM Information Element. Since beacon frames are broadcast and processed during passive scanning, no authentication, association, or user interaction is required for exploitation. [1]

Impact

Successful exploitation of this vulnerability can lead to a Denial of Service (kernel panic) or potentially Remote Code Execution. The overflow allows up to 252 bytes of attacker-controlled data to be written beyond the intended buffer boundary, potentially corrupting critical kernel memory. [1]

Mitigation

Morse Micro has released version 2.11.13 of the HaLowLink 2 software, which addresses this vulnerability. Users are advised to update to version 2.11.13 or later. [1]