CVE-2026-7762

CRITICAL EPSS 42.7%

Published Jun 5, 20263w ago · Modified Jun 17, 20261w ago

9.8 CVSS 3.1

Critical

Published Jun 5, 2026 3w ago

Last Modified Jun 17, 2026 1w ago

Description

A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service (kernel panic) or potentially achieve Remote Code Execution via a crafted 802.11ah beacon or probe response frame containing a malformed S1G Capabilities Information Element (IE element ID 0xD9). The function morse_dot11ah_find_s1g_caps_for_bssid() uses the IE length field directly as the size argument to memcpy without validating it against the 15-byte destination buffer. An attacker can supply up to 255 bytes, causing an overflow of up to 240 bytes of attacker-controlled data into adjacent kernel heap memory. The vulnerability is triggerable during normal scanning without authentication, association, or user interaction.

CVSS Details

Base Score

9.8

Exploitability

3.9

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

42.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

References 1

morsemicro.com https://www.morsemicro.com/security-advisories/MM-SA-2026-002

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.