Primary

Context

Magma Linked TI IE NAS Packet Vulnerability Allowing Denial-of-Service

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Magma versions through 1.8.0. The issue arises in the 'decode_linked_ti_ie' function, where a reachable assertion can be triggered by sending a crafted NAS packet that includes a malformed Linked TI Information Element. This vulnerability can cause the Access and Mobility Management Function (AMF) to crash, disrupting cellular services.

Impact

Exploitation of this vulnerability leads to a crash of the Access and Mobility Management Function (AMF), causing a denial-of-service condition that disrupts cellular services.

Reproduction

The vulnerability can be reproduced by sending an 'Initial UE Message' S1AP packet that contains a malformed Linked TI Information Element. This can be done by establishing a connection to the AMF and transmitting the crafted packet over the N2 interface.

Remediation

Users can upgrade to Magma version 1.9.0 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

8.8

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

8.8

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Magma Linked TI IE NAS Packet Vulnerability Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Magma

Open5GS

NextEPC

Athonet vEPC MME

Nucleus

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating