OpenAirInterface CN5G AMF Improper File Descriptor Handling in Closed Connections Allowing Denial-of-Service

A denial-of-service vulnerability has been identified in OpenAirInterface CN5G AMF versions through 2.0.0. The issue arises from improper handling of file descriptors for closed SCTP connections, specifically on the N2 interface. This flaw allows attackers to exhaust server resources by repeatedly opening and closing connections, leading to resource exhaustion and potential service disruption.

Impact

Exploitation of this vulnerability causes resource exhaustion on the server, leading to a denial-of-service condition where the server becomes overwhelmed and unable to handle legitimate connections or requests.

Reproduction

The vulnerability can be reproduced by establishing more than 1024 SCTP connections to the server's N2 interface, which can be done by an unauthenticated mobile device or over the internet using Wi-Fi calling. Once the connection limit is exceeded, the server will crash.