<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">

  <title>Morse Micro Security Advisories</title>
  <subtitle>Published security advisories for Morse Micro Wi-Fi HaLow products</subtitle>
  <link href="https://www.morsemicro.com/security-resources/feed.xml" rel="self"/>
  <link href="https://www.morsemicro.com/security/advisories/" rel="alternate" type="text/html"/>
  <id>https://www.morsemicro.com/security/advisories/</id>
  <updated>2026-05-21T00:00:00Z</updated>
  <author>
    <name>Morse Micro PSIRT</name>
    <email>security@morsemicro.com</email>
    <uri>https://www.morsemicro.com/security/</uri>
  </author>
  <icon>https://www.morsemicro.com/wp-content/uploads/2021/06/cropped-ICON-BLACK-FULL-White-fill-270x270.png</icon>
  <rights>© 2026 Morse Micro Pty. Ltd.</rights>

  <entry>
    <title>MM-SA-2026-003: Pre-authentication out-of-bounds read in morse.ko Vendor IE processing</title>
    <link href="https://www.morsemicro.com/security/advisories/mm-sa-2026-003/"/>
    <id>https://www.morsemicro.com/security/advisories/mm-sa-2026-003/</id>
    <updated>2026-05-21T00:00:00Z</updated>
    <published>2026-05-21T00:00:00Z</published>
    <author>
      <name>Morse Micro PSIRT</name>
    </author>
    <category term="Medium" label="Severity: Medium"/>
    <category term="CVE-2026-7764" label="CVE-2026-7764"/>
    <summary type="text">An out-of-bounds read in the morse.ko HaLow Wi-Fi kernel driver allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a denial of service via a crafted 802.11ah beacon or probe response containing a malformed Vendor Information Element. Fixed in HaLowLink 2 software version 2.11.12.</summary>
  </entry>

</feed>