CVE-2026-7764

An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service (kernel oops/panic) via a crafted 802.11ah beacon or probe response frame containing a malformed Vendor Information Element. The function morse_vendor_find_vendor_ie() does not validate the IE length against the expected structure size before its result is passed to morse_vendor_rx_caps_ops_ie() and morse_vendor_fill_sta_vendor_info(), which read at fixed offsets into the IE data. Because the length check only requires the IE to be longer than 3 bytes, an attacker can supply an undersized IE, causing a heap out-of-bounds read of up to 9 bytes. No authentication, association, or user interaction is required.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:morsemicro:halowlink_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:morsemicro:halowlink_2:-:*:*:*:*:*:*:*

History

30 Jun 2026, 19:00

Type Values Removed Values Added
References () https://www.morsemicro.com/security-advisories/MM-SA-2026-003 - () https://www.morsemicro.com/security-advisories/MM-SA-2026-003 - Vendor Advisory
First Time Morsemicro
Morsemicro halowlink 2 Firmware
Morsemicro halowlink 2
CWE CWE-125
CPE cpe:2.3:h:morsemicro:halowlink_2:-:*:*:*:*:*:*:*
cpe:2.3:o:morsemicro:halowlink_2_firmware:*:*:*:*:*:*:*:*

04 Jun 2026, 14:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.8

04 Jun 2026, 02:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-04 02:16

Updated : 2026-06-30 19:00


NVD link : CVE-2026-7764

Mitre link : CVE-2026-7764

CVE.ORG link : CVE-2026-7764


JSON object : View

Products Affected

morsemicro

  • halowlink_2
  • halowlink_2_firmware
CWE
CWE-125

Out-of-bounds Read