244 matches found
CVE-2026-7763 Heap buffer overflow in morse.ko TIM IE processing
A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...
CVE-2026-7763
The CVE describes a heap-based buffer overflow in the morse.ko HaLow Wi‑Fi kernel driver (Morse Micro HaLowLink 2) before version 2.11.13. The root cause is in morse_page_slicing_process_tim_element() in page_slicing.c, which derives the TIM bitmap length directly from a received TIM Information ...
CVE-2026-7763
A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...
EUVD-2026-34781
A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...
EUVD-2026-34780
A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...
CVE-2026-7762 Heap buffer overflow in dot11ah.ko S1G Capabilities IE processing
A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...
PT-2026-46901
A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...
EUVD-2026-34189
An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service kernel oops/panic via a...
CVE-2026-7764 Out-of-bounds read in morse.ko Vendor IE processing
An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service kernel oops/panic via a...
CVE-2026-7764
The CVE-2026-7764 entry documents an out-of-bounds read in Morse Micro HaLowLink 2 software (versions prior to 2.11.12) affecting the morse.ko HaLow Wi‑Fi kernel driver. An unauthenticated attacker within radio range can trigger a heap out-of-bounds read (up to 9 bytes) or a Denial of Service by ...
CVE-2026-7764 Out-of-bounds read in morse.ko Vendor IE processing
An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service kernel oops/panic via a...
CVE-2026-7764
An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service kernel oops/panic via a...
PT-2026-46128
An out-of-bounds read vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.12 allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a Denial of Service kernel oops/panic via a...
PT-2026-45452
FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element IE counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs e.g., an E2setupRequest with extra optional fields to crash the near-RT RIC port 36421 or...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed an out-of-bounds read in the rtwgetie parser. The Information Element IE parser in rtwgetie trusted the length byte of each Information Element without verifying that the IE body len bytes after the 2-by...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed a stack buffer overflow issue during the parsing of the OnAssocReq IE. The length of the Supported Rates IE from an incoming Association Request frame was directly used as the length for the memcpy...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds via the NGSetupRequest function in the ngap/handler.go file when processing the InformationElement argument. An attacker can cause memory corruption by sending specially crafted requests remotely. Remediation Upgrade...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds via the NGSetupRequest function in the ngap/handler.go file when processing the InformationElement argument. An attacker can cause memory corruption by sending specially crafted requests remotely. Remediation Upgrade...
AMF Improperly Restricts Operations within the Bounds of a Memory Buffer
A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly...
CVE-2026-8779
A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly...