Primary

Context

Magma Mobile Management Entity Null Pointer Dereference Vulnerability via Malformed S1AP Initial UE Message

Vulnerability

Patched

A null pointer dereference vulnerability has been identified in the Mobile Management Entity (MME) of Magma versions through 1.8.0. This vulnerability allows network-adjacent attackers to crash the MME by sending an S1AP Initial UE Message packet that lacks the required eNB_UE_S1AP_ID field.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the MME to crash and disrupt all cellular communications managed by that MME.

Reproduction

To reproduce this vulnerability, send an S1AP Initial UE Message packet to the MME that is missing the eNB_UE_S1AP_ID field. This can be done by an unauthenticated mobile device or, with base station access, via a compromised base station.

Remediation

Users can upgrade to Magma version 1.9 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Magma Mobile Management Entity Null Pointer Dereference Vulnerability via Malformed S1AP Initial UE Message

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Magma

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating