CVE-2026-24804
Infinite Loop Vulnerability in lede mt7603e Driver Module
Publication date: 2026-01-27
Last updated on: 2026-01-27
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| coolsnowwolf | lede | to 25.10.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-835 | The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an infinite loop issue in the coolsnowwolf lede project, specifically in the BN_mod_sqrt() function within the mt7603_wifi common modules. The function, cloned from OpenSSL, lacked a critical security patch that caused it to potentially enter an infinite loop during calculations when the modulus p is non-prime. This infinite loop means the program can get stuck and fail to complete its operations. [1]
How can this vulnerability impact me? :
The infinite loop vulnerability can lead to a denial of service (DoS) by causing the affected function to hang indefinitely during cryptographic calculations. This can disrupt normal operation of the device or software using the coolsnowwolf lede project, potentially leading to service outages or degraded performance. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the security patch that fixes the infinite loop vulnerability in the BN_mod_sqrt() function as described in the coolsnowwolf/lede project. This patch addresses the issue by incorporating the fix originally applied in OpenSSL, preventing the BN_mod_sqrt() function from entering an infinite loop during calculations. Updating to a version of lede that includes this patch or manually applying the patch will mitigate the vulnerability. [1]