Morse Micro Redefines Wireless Efficiency with Industry-Leading Power Amplifier. Download the whitepaper now.

MM-SA-2026-001 Security Advisory

Heap buffer overflow in morse.ko TIM IE processing

CVE

CVE-2026-7763

Severity

High (CVSS v3.1 8.8)

Fixed in

HaLowLink 2 software version 2.11.13

Status

Resolved

Summary

A heap buffer overflow in the morse.ko HaLow Wi-Fi kernel driver allows an unauthenticated attacker within radio range to cause a denial of service or potentially achieve remote code execution via a crafted 802.11ah beacon containing a malformed Traffic Indication Map Information Element.

Affected products

Product

Affected versions

Fixed version

HaLowLink 2

All versions prior to 2.11.13

2.11.13

Customers using morse.ko in their own Linux integrations should treat their integration as affected if the driver source corresponds to a Morse Micro driver release predating 2.11.13. Contact security@morsemicro.com for patched source.

Action

Upgrade HaLowLink 2 software to 2.11.13 or later.

Acknowledgements

Reported to Morse Micro through Bugcrowd. Morse Micro thanks the researcher for responsible disclosure.

References

Loading...

Subscribe to Our Newsletter

Sign up to learn more about Morse Micro and Wi-Fi HaLow.

This field is for validation purposes and should be left unchanged.
Name(Required)

Subscribe to Our Newsletter

Stay up to date with the latest in Wi-Fi HaLow news and events

This field is for validation purposes and should be left unchanged.
Name(Required)