A critical heap-based buffer overflow in the Morse Micro HaLowLink 2 kernel driver allows unauthenticated attackers to trigger a kernel panic or execute arbitrary code.

The vulnerability exists in the dot11ah.ko kernel driver due to improper validation of the IE length field during memcpy operations. An unauthenticated attacker within radio range can send a crafted 802.11ah beacon to overflow the kernel heap.

With a CVSS score of 9.8, this vulnerability carries significant risk. Exploitation can lead to a complete Denial of Service via kernel panic or, more severely, Remote Code Execution (RCE) at the kernel level, granting the attacker total control over the affected device.

Immediate Action: Upgrade Morse Micro HaLowLink 2 software to version 2.11.13 or later.

Proactive Monitoring: Monitor system logs for kernel-level errors or unexpected crashes that may indicate exploitation attempts.

Compensating Controls: While difficult to mitigate at the network layer, minimizing exposure by disabling unnecessary wireless scanning features or restricting access to the affected hardware where possible may reduce the attack surface.

Public Exploit Available: False

The severity of this kernel-level vulnerability necessitates immediate patching. Organizations utilizing Morse Micro HaLowLink 2 software should verify their version and apply the 2.11.13 update as soon as possible to mitigate the risk of RCE.