The Linux Foundation Magma
Moderate fix1 remedy
cpe:2.3:a:linuxfoundation:magma:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 1.8.0
The Linux Foundation Magma Buffer Overflow Vulnerability in Access Point Name Decoding Allows Denial-of-Service
Vulnerability
Patched
A buffer overflow vulnerability has been identified in The Linux Foundation Magma version 1.8.0 and prior. This issue arises in the 'decode_access_point_name_ie' function within the '3gpp/3gpp_24.008_sm_ies.c' file. The vulnerability allows attackers to cause a denial-of-service by sending a crafted NAS packet, exploiting the buffer overflow during the decoding process.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the affected component to crash or become unresponsive.
Reproduction
The vulnerability can be reproduced by sending a malformed 'Initial UE Message' S1AP packet containing a NAS payload with a crafted Access Point Name Information Element. This can be done using a software-defined radio (SDR) or over the internet, taking advantage of Wi-Fi calling services.
Remediation
Users can upgrade to Magma version 1.9 or later, where this vulnerability has been fixed.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
1.4impact
2.5exploitability
9.1remediation
7.7relevance
0.0threat
6.4urgency
2.9incentive
10.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.