The Linux Foundation Magma Buffer Overflow Vulnerability in NAS Packet Processing Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in The Linux Foundation Magma version 1.8.0 and prior. This issue arises in the 'decode_esm_message_container' function within the 'EsmMessageContainer.cpp' file. The vulnerability allows attackers to craft specific NAS packets that, when processed, cause a denial-of-service condition by crashing the Mobility Management Entity (MME) or Access and Mobility Management Function (AMF) in the cellular network.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing persistent disruption of all cellular communications, including voice calls, messaging, and data services, at a city-wide level.

Reproduction

The vulnerability can be reproduced by sending a crafted Initial UE Message S1AP packet that includes a malformed ESM Message. This can be done over the N2 interface, which is accessible to remote attackers.

Remediation

Users can upgrade to Magma version 1.9 or later, where this vulnerability has been fixed.
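The advisory does not give the root cause inside 'decode_esm_message_container', so the following is an added illustration of the bounds checks a length-prefixed NAS element decoder needs, not Magma's code or its fix. It assumes a 2-byte big-endian length prefix followed by the payload; the function name, error codes, size cap and sample bytes are hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ESM_CONTAINER_MAX 512 /* assumed capacity of the destination buffer */
enum { DEC_OK = 0, DEC_TRUNCATED = -1, DEC_TOO_LARGE = -2 };

typedef struct {
  uint8_t data[ESM_CONTAINER_MAX];
  size_t len;
} esm_container_t;

/* Decode one length-value element: 2-byte big-endian length, then payload.
 * Returns the number of bytes consumed (> 0) or a negative DEC_* code.
 * Never reads past buf + buf_len and never writes past out->data. */
int decode_lv_e(const uint8_t *buf, size_t buf_len, esm_container_t *out) {
  if (buf_len < 2) return DEC_TRUNCATED;            /* no room for the length field */
  size_t declared = ((size_t)buf[0] << 8) | buf[1];
  if (declared > buf_len - 2) return DEC_TRUNCATED; /* length exceeds received bytes */
  if (declared > sizeof(out->data)) return DEC_TOO_LARGE; /* would overflow the copy */
  memcpy(out->data, buf + 2, declared);
  out->len = declared;
  return (int)(declared + 2);
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t sample_ok[] = {0x00, 0x03, 0xAA, 0xBB, 0xCC};
static const uint8_t sample_overlong[] = {0x00, 0x40, 0xAA, 0xBB, 0xCC}; /* claims 64, has 3 */
static const uint8_t sample_short[] = {0x00};

int main(void) {
  esm_container_t c;
  printf("ok:       %d\n", decode_lv_e(sample_ok, sizeof sample_ok, &c));
  printf("overlong: %d\n", decode_lv_e(sample_overlong, sizeof sample_overlong, &c));
  printf("short:    %d\n", decode_lv_e(sample_short, sizeof sample_short, &c));
  return 0;
}
```

A decoder that rejects the message on either error code drops the malformed element instead of crashing the process that handles every subscriber's signalling.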

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.