CVE-2023-37029
Published: 21 January 2025
Summary
CVE-2023-37029 is a high-severity Reachable Assertion (CWE-617) vulnerability in Linux Foundation Magma. Its CVSS base score is 7.5 (High).
Operationally, it is ranked at the 34.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Validates incoming NAS packets to reject oversized inputs before they reach the assertion check in the MME, directly preventing the crash.
- Implements network-level protections such as rate limiting and traffic filtering to mitigate repeated oversized NAS packet floods causing MME DoS.
- Ensures timely application of the Magma v1.9 patch that fixes the assertion failure on oversized NAS packets.
NVD Description
Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service.
Deeper analysis
CVE-2023-37029 is an assertion-based denial-of-service vulnerability affecting Magma versions up to and including 1.8.0, specifically impacting the Mobility Management Entity (MME) component. The flaw triggers a crash when the MME processes an oversized Non-Access Stratum (NAS) packet. It is rated 7.5 under CVSS 3.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and mapped to CWE-617 (Reachable Assertion). This issue was fixed in Magma version 1.9 via commit 08472ba98b8321f802e95f5622fa90fec2dea486.
An attacker can exploit this vulnerability over the network with low complexity and no privileges required. Exploitation is possible either through a compromised base station or by using an unauthenticated cellphone within range of a base station managed by the vulnerable MME. By sending oversized NAS packets repeatedly, the attacker can cause ongoing crashes of the MME, resulting in a denial of service that disrupts network connectivity for users relying on the affected infrastructure.
Mitigation requires upgrading to Magma v1.9 or later, incorporating the specified fixing commit. Additional details on the vulnerability, including technical analysis, are available in the advisory at https://cellularsecurity.org/ransacked.
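The CWE-617 pattern and the input-validation control described above, shown side by side as an added example. This is not Magma source code or the fixing commit: the handler names, return codes and the `NAS_MAX_LEN` value are hypothetical, and the input is constructed.

```c
/* Added example: hypothetical NAS handler, not Magma source code. */
#include <assert.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define NAS_MAX_LEN 512   /* assumed buffer size, chosen for illustration */
enum nas_rc { NAS_OK = 0, NAS_REJECT_EMPTY = -1, NAS_REJECT_OVERSIZED = -2 };

/* CWE-617 pattern: the size limit is enforced with assert() on
 * peer-controlled input, so an oversized packet aborts the whole process. */
static int handle_nas_asserting(const uint8_t *pkt, size_t len) {
    uint8_t buf[NAS_MAX_LEN];
    assert(len <= sizeof buf);
    memcpy(buf, pkt, len);
    return NAS_OK;
}

/* Hardened form: the same limit as an ordinary error path (SI-10). The
 * packet is dropped and the caller keeps serving other subscribers. */
static int handle_nas_validating(const uint8_t *pkt, size_t len) {
    uint8_t buf[NAS_MAX_LEN];
    if (pkt == NULL || len == 0) return NAS_REJECT_EMPTY;
    if (len > sizeof buf) return NAS_REJECT_OVERSIZED;
    memcpy(buf, pkt, len);
    return NAS_OK;
}

/* Runs the asserting handler in a child process. Returns 1 if the child
 * died from SIGABRT, 0 if it exited normally, -1 if fork/wait failed. */
static int asserting_handler_aborts(const uint8_t *pkt, size_t len) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { handle_nas_asserting(pkt, len); _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void) {
    static uint8_t oversized[NAS_MAX_LEN + 1];   /* constructed input */
    printf("asserting handler aborted: %d\n", asserting_handler_aborts(oversized, sizeof oversized));
    printf("validating handler rc: %d\n", handle_nas_validating(oversized, sizeof oversized));
    return 0;
}
```

The asserting handler only behaves this way when assertions are compiled in (no `-DNDEBUG`). With assertions compiled out, the same code would copy past the buffer instead of aborting, so the explicit length check is needed in either build.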
Details
- CWE(s)