Impact
The vulnerability arises from an unreachable exit condition in a loop within the mt7603 driver of the lede firmware. The flaw, categorized as CWE‑835, allows the loop to run indefinitely, consuming processor time and blocking normal operation. Because the loop never exits, a single instance can saturate the host, potentially causing the entire network subsystem to become unresponsive. While the description does not specify how the loop is triggered, the nature of the driver suggests that network traffic or a local configuration error could initiate the malfunction, making remote or local exploitation plausible.
Affected Systems
The issue affects the coolsnowwolf lede project. All releases up to and including r25.10.1 are impacted. The specific component affected is the mt7603e driver within the mt7603_wifi common modules, located in the package/lean/mt/drivers/mt7603e/src/mt7603_wifi/common directory. Users running those firmware versions should be aware that the nested infinite loop is present in their builds.
Risk and Exploitability
The CVSS score for this flaw is 9.2, indicating a high impact. The EPSS score is reported as less than 1%, suggesting that the probability of exploitation in the wild is currently viewed as very low. The vulnerability is not listed in the CISA KEV catalog, meaning it has not yet been observed in widely deployed attacks. Nonetheless, the high severity combined with the denial‑of‑service outcome warrants timely action. Based on the description, an attacker who can influence the traffic or configuration handled by the mt7603 driver can trigger the infinite loop, leading to service disruption. Because the data does not explicitly describe an exploit, the exploit path is inferred; the attack could be carried out both locally by a privileged user and remotely via crafted wireless frames.