Open5GS
cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*
- <= 2.7.5
A reachable assertion vulnerability has been identified in Open5GS versions through 2.7.5, specifically within the AMF service's PDU session handling function. The issue arises from improper state validation during the release of session management context, particularly when the system is in security mode. This flaw can lead to a fatal assertion failure, causing crashes in the AMF service. The vulnerability can be exploited locally by sending malformed NAS messages, disrupting core network availability.
Exploitation of this vulnerability causes the AMF service to crash, leading to a denial of service in the core network.
To reproduce this vulnerability, first ensure that all Open5GS network functions are running. Then, send a request to release the session management context while the system is in security mode. This can be done by replaying a specific seed that triggers the invalid state transition, causing the AMF to encounter an assertion failure.
Users are advised to update to Open5GS version 2.7.6 or later, where this vulnerability has been fixed.
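The bug class described above, a state assertion that a peer's message ordering can reach, is shown next to its hardened form in this added example, which is not Open5GS code. The states, struct, and function names are hypothetical and simplified; which state the real AMF asserts on is an assumption.

```c
#include <assert.h>
#include <stdio.h>

/* Hypothetical, simplified UE states; not Open5GS's real state machine. */
typedef enum { ST_DEREGISTERED, ST_SECURITY_MODE, ST_REGISTERED } ue_state_t;

typedef struct {
    ue_state_t state;
    int sm_context_active;   /* 1 while a session management context exists */
} ue_ctx_t;

enum { REL_OK = 0, REL_REJECTED = -1 };

/* Fragile pattern: the assertion encodes an expectation about message
 * ordering, but the peer controls that ordering. A release request that
 * arrives in any other state aborts the whole process, not just the
 * offending procedure. */
int release_sm_context_fragile(ue_ctx_t *ue)
{
    assert(ue->state == ST_REGISTERED);   /* assumed precondition */
    ue->sm_context_active = 0;
    return REL_OK;
}

/* Hardened pattern: treat the current state as untrusted input, reject
 * the single request, log it, and keep serving other subscribers. */
int release_sm_context_checked(ue_ctx_t *ue)
{
    if (ue == NULL)
        return REL_REJECTED;
    if (ue->state != ST_REGISTERED) {
        fprintf(stderr, "release rejected: unexpected state %d\n",
                (int)ue->state);
        return REL_REJECTED;              /* context left untouched */
    }
    ue->sm_context_active = 0;
    return REL_OK;
}

int main(void)
{
    /* Constructed sample: release requested while still in security mode. */
    ue_ctx_t ue = { ST_SECURITY_MODE, 1 };
    printf("checked handler returned %d\n", release_sm_context_checked(&ue));
    return 0;
}
```

Calling `release_sm_context_fragile` with the same constructed context terminates the process through `abort()`, which is the crash behaviour the advisory describes.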