A critical heap-based buffer overflow in the Morse Micro HaLowLink 2 kernel driver allows unauthenticated attackers to trigger a kernel panic or execute arbitrary code via malformed beacon frames.

The morse.ko kernel driver fails to validate the TIM bitmap length in received beacon frames. An unauthenticated attacker within radio range can send a crafted frame to overflow the buffer, leading to potential RCE.

The CVSS score of 9.8 indicates that this is a high-priority risk. Successful exploitation could result in full system compromise or a persistent Denial of Service, which is particularly dangerous for industrial or IoT deployments relying on the HaLowLink 2 platform.

Immediate Action: Update Morse Micro HaLowLink 2 software to version 2.11.13 or later.

Proactive Monitoring: Review device logs for unusual wireless traffic patterns or repeated kernel stability issues.

Compensating Controls: Given the nature of the attack vector (broadcast beacon frames), physical security and limiting exposure to untrusted wireless environments are the most effective interim measures.

Public Exploit Available: False

This vulnerability poses a severe threat to system integrity. Administrators must ensure that all devices running the affected Morse Micro software are updated to 2.11.13 to remediate the buffer overflow flaw.