CVE-2026-7764
Out-of-Bounds Read in Morse Micro HaLowLink 2 Wi-Fi Driver
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: Bugcrowd Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| morse_micro | halowlink_2 | to 2.11.12 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7764 is an out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver used in Morse Micro HaLowLink 2 software versions before 2.11.12.
An unauthenticated attacker within radio range can exploit this by sending a specially crafted 802.11ah beacon or probe response frame containing a malformed Vendor Information Element.
The vulnerability arises because the function morse_vendor_find_vendor_ie() does not properly validate the length of the Vendor Information Element before passing it to other functions that read fixed offsets, allowing an attacker to cause a heap out-of-bounds read of up to 9 bytes.
No authentication, association, or user interaction is required to exploit this vulnerability.
How can this vulnerability impact me? :
This vulnerability can impact you in two main ways:
- An attacker can disclose a small amount of kernel heap memory, potentially leaking sensitive information.
- An attacker can cause a Denial of Service (DoS) by triggering a kernel oops or panic, disrupting normal device operation.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the Morse Micro HaLowLink 2 software to version 2.11.12 or later.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.