CVE-2026-7763: CWE-122 Heap-based Buffer Overflow in Morse Micro HaLowLink 2
CVE-2026-7763 is a heap-based buffer overflow vulnerability in the Morse Micro HaLowLink 2 Wi-Fi kernel driver (morse. ko) prior to version 2. 11. 13. An unauthenticated attacker within radio range can exploit this by sending a crafted 802. 11ah beacon frame with a malformed Traffic Indication Map (TIM) Information Element. This causes a buffer overflow in the morse_page_slicing_process_tim_element() function, potentially leading to a denial of service (kernel panic) or remote code execution. No authentication or user interaction is required since beacons are broadcast frames processed during passive scanning. Patch status is not confirmed as no patch or official remediation is indicated in the available data.
AI Analysis
Technical Summary
This vulnerability arises from improper validation of the TIM bitmap length in the morse_page_slicing_process_tim_element() function within the morse.ko kernel driver of Morse Micro HaLowLink 2 software versions before 2.11.13. The function uses the length derived directly from a received Information Element without verifying it against the fixed-size destination buffer, leading to up to 252 bytes of attacker-controlled data being written beyond the buffer boundary via memset and memcpy. Because the malformed TIM IE is delivered in 802.11ah beacon frames, which are broadcast and processed during passive scanning, exploitation requires only proximity to the device and no authentication. This can cause a kernel panic or potentially allow remote code execution.
Potential Impact
Successful exploitation can cause a denial of service through a kernel panic or potentially enable remote code execution on affected devices. The vulnerability can be triggered by an unauthenticated attacker within radio range, increasing the risk in environments where the device is exposed to untrusted wireless signals. No known exploits in the wild have been reported. The lack of authentication requirement and the ability to trigger the flaw via broadcast frames increase the attack surface.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, limit exposure by restricting physical proximity to trusted devices and monitoring for unusual device behavior. Avoid relying on generic mitigations as no vendor advisory or patch information is currently provided.
CVE-2026-7763: CWE-122 Heap-based Buffer Overflow in Morse Micro HaLowLink 2
Description
CVE-2026-7763 is a heap-based buffer overflow vulnerability in the Morse Micro HaLowLink 2 Wi-Fi kernel driver (morse. ko) prior to version 2. 11. 13. An unauthenticated attacker within radio range can exploit this by sending a crafted 802. 11ah beacon frame with a malformed Traffic Indication Map (TIM) Information Element. This causes a buffer overflow in the morse_page_slicing_process_tim_element() function, potentially leading to a denial of service (kernel panic) or remote code execution. No authentication or user interaction is required since beacons are broadcast frames processed during passive scanning. Patch status is not confirmed as no patch or official remediation is indicated in the available data.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from improper validation of the TIM bitmap length in the morse_page_slicing_process_tim_element() function within the morse.ko kernel driver of Morse Micro HaLowLink 2 software versions before 2.11.13. The function uses the length derived directly from a received Information Element without verifying it against the fixed-size destination buffer, leading to up to 252 bytes of attacker-controlled data being written beyond the buffer boundary via memset and memcpy. Because the malformed TIM IE is delivered in 802.11ah beacon frames, which are broadcast and processed during passive scanning, exploitation requires only proximity to the device and no authentication. This can cause a kernel panic or potentially allow remote code execution.
Potential Impact
Successful exploitation can cause a denial of service through a kernel panic or potentially enable remote code execution on affected devices. The vulnerability can be triggered by an unauthenticated attacker within radio range, increasing the risk in environments where the device is exposed to untrusted wireless signals. No known exploits in the wild have been reported. The lack of authentication requirement and the ability to trigger the flaw via broadcast frames increase the attack surface.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, limit exposure by restricting physical proximity to trusted devices and monitoring for unusual device behavior. Avoid relying on generic mitigations as no vendor advisory or patch information is currently provided.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Bugcrowd
- Date Reserved
- 2026-05-04T05:03:00.671Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a223200e29bf47b5016a096
Added to database: 6/5/2026, 2:18:40 AM
Last enriched: 6/5/2026, 2:34:09 AM
Last updated: 6/5/2026, 3:31:19 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.