Description
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C.

This issue affects lede: through r25.10.1.
Published: 2026-01-27
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The vulnerability is an infinite loop in the security module bn_lib.C of the coolsnowwolf/lede firmware. The loop contains an unreachable exit condition, causing the executing process to hang indefinitely. An attacker can trigger the loop by sending crafted traffic to the driver, leading to service disruption or resource exhaustion. This weakness is classified as CWE‑835.

Affected Systems

The flaw affects all installations of coolsnowwolf/lede up to and including version r25.10.1; the exact boundary is inferred from the description, which states the vulnerability is present "through r25.10.1". The version range is not explicitly enumerated in the vendor’s advisories. This inference is based solely on the stated wording.

Risk and Exploitability

The CVSS score of 9.2 indicates a high severity denial‑of‑service vulnerability. The EPSS score of less than 1% shows that the likelihood of active exploitation is low but not zero. The vulnerability is not listed in the CISA KEV catalog, meaning no documented exploits are currently known. Based on the description, it is inferred that the attacker’s attack vector requires interaction with the affected Wi‑Fi driver, likely through network traffic or local privileged operations, to trigger the infinite loop. Successful exploitation would cause the driver to consume CPU resources indefinitely, potentially crashing the system or degrading overall performance.

Generated by OpenCVE AI on April 18, 2026 at 14:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch from pull request 13346, which corrects the loop exit condition.
  • Rebuild the lede firmware with the updated driver and flash it onto all affected devices.
  • If the device does not require WLAN functionality, disable the affected driver to prevent the loop from being invoked.

Generated by OpenCVE AI on April 18, 2026 at 14:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Coolsnowwolf
Coolsnowwolf lede
Vendors & Products Coolsnowwolf
Coolsnowwolf lede

Tue, 27 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 08:45:00 +0000

Type Values Removed Values Added
Description Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C. This issue affects lede: through r25.10.1.
Title A possible infinite loop vulnerability in coolsnowwolf/lede
Weaknesses CWE-835
References
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/S:N/AU:Y/R:U/V:C/RE:L/U:Amber'}

Subscriptions

Coolsnowwolf Lede
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T17:04:27.974Z

Reserved: 2026-01-27T08:39:10.280Z

Link: CVE-2026-24803

cve-icon Vulnrichment

Updated: 2026-01-27T17:04:24.367Z

cve-icon NVD

Status : Deferred

Published: 2026-01-27T09:15:50.337

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24803

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z

Weaknesses