The Linux Foundation Magma Buffer Overflow Vulnerability in Traffic Flow Template Packet Filtering Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in The Linux Foundation Magma version 1.8.0 and prior, within the 'decode_traffic_flow_template_packet_filter' function of the 3gpp_24.008_sm_ies.c file. This vulnerability allows attackers to cause a denial-of-service by sending a crafted NAS packet, disrupting cellular network services.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing persistent disruption of all cellular communications in the affected area.

Reproduction

The vulnerability can be reproduced by sending an 'Initial UE Message' S1AP packet that includes a 'Bearer Resource Modification Request' with a malformed Traffic Flow Template packet filter. This can be done using tools that simulate UE behavior and send crafted S1AP messages over the network.

Remediation

Users can upgrade to Magma version 1.9 or later, where this vulnerability has been fixed.
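
The advisory does not describe the root cause, so the following is an added illustration and not Magma's code or its fix: a bounds-checked decoder for a single TFT packet filter, showing the length checks this kind of parser needs. The octet layout and component lengths are assumed from 3GPP TS 24.008 (Traffic Flow Template IE); `tft_filter_t`, `TFT_MAX_COMPONENTS` and `decode_filter_checked` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not Magma code. Assumed layout (3GPP TS 24.008):
 * octet 1 = direction (bits 6-5) + filter id (bits 4-1), octet 2 = precedence,
 * octet 3 = length of contents, then (type, fixed-length value) components. */
#define TFT_MAX_COMPONENTS 8 /* hypothetical size of the destination array */

typedef struct {
  uint8_t id, direction, precedence, n_components;
  uint8_t types[TFT_MAX_COMPONENTS];
} tft_filter_t;

/* Value length in octets for a component type, or -1 if unknown. */
static int component_len(uint8_t type) {
  switch (type) {
    case 0x10: return 8;             /* IPv4 remote address + mask */
    case 0x20: return 32;            /* IPv6 remote address + mask */
    case 0x30: return 1;             /* protocol id / next header */
    case 0x40: case 0x50: return 2;  /* single local / remote port */
    case 0x41: case 0x51: return 4;  /* local / remote port range */
    case 0x60: return 4;             /* security parameter index */
    case 0x70: return 2;             /* ToS / traffic class + mask */
    case 0x80: return 3;             /* flow label */
    default:   return -1;
  }
}

/* Returns octets consumed, or -1 on any malformed input. */
int decode_filter_checked(const uint8_t *buf, size_t len, tft_filter_t *out) {
  if (len < 3) return -1;                 /* header itself is truncated */
  size_t clen = buf[2];
  if (clen > len - 3) return -1;          /* declared length exceeds buffer */
  out->direction = (buf[0] >> 4) & 0x3;
  out->id = buf[0] & 0x0f;
  out->precedence = buf[1];
  out->n_components = 0;
  const uint8_t *p = buf + 3, *end = p + clen;
  while (p < end) {
    int vlen = component_len(*p);
    if (vlen < 0 || (size_t)(end - p - 1) < (size_t)vlen) return -1;
    if (out->n_components == TFT_MAX_COMPONENTS) return -1; /* dest is full */
    out->types[out->n_components++] = *p;
    p += 1 + vlen;
  }
  return (int)(3 + clen);
}
```

Every length that comes from the packet is checked against what remains in the buffer, and the component count is checked against the destination's capacity before each write.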

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.