CVE-2023-37029
Published: 21 January 2025
Summary
CVE-2023-37029 is a high-severity Reachable Assertion (CWE-617) vulnerability in Linux Foundation Magma. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 34.2nd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2023-37029 is an assertion-based denial-of-service vulnerability affecting Magma versions up to and including 1.8.0, specifically the Mobility Management Entity (MME) component. The MME crashes when it processes an oversized Non-Access Stratum (NAS) packet. The issue is rated CVSS 3.1 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and mapped to CWE-617 (Reachable Assertion). It was fixed in Magma version 1.9 via commit 08472ba98b8321f802e95f5622fa90fec2dea486.
An attacker can exploit this vulnerability over the network with low complexity and no privileges required. Exploitation is possible either through a compromised base station or by using an unauthenticated cellphone within range of a base station managed by the vulnerable MME. By sending oversized NAS packets repeatedly, the attacker can cause ongoing crashes of the MME, resulting in a denial of service that disrupts network connectivity for users relying on the affected infrastructure.
Mitigation requires upgrading to Magma v1.9 or later, which incorporates the fixing commit. Additional details on the vulnerability, including technical analysis, are available in the advisory at https://cellularsecurity.org/ransacked.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-40949
Vulnerability details
Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly enables application exploitation to crash the MME service, matching Endpoint DoS via a vulnerability trigger.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Validates incoming NAS packets to reject oversized inputs before they reach the assertion check in the MME, directly preventing the crash.
- Implements network-level protections such as rate limiting and traffic filtering to mitigate repeated oversized NAS packet floods causing MME DoS.
- Ensures timely application of the Magma v1.9 patch that fixes the assertion failure on oversized NAS packets.
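
The difference between a reachable assertion and the input validation described above, as an added example that is not Magma's code. `NAS_BUF_MAX`, both handlers and `aborts_on` are hypothetical names, and the oversized buffer is constructed sample input; each handler is run in a child process so the abort can be observed safely.

```c
#include <assert.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define NAS_BUF_MAX 512 /* hypothetical limit, not Magma's real value */

enum nas_rc { NAS_OK = 0, NAS_DROPPED = -1 };
typedef int (*nas_handler)(const uint8_t *msg, size_t len);

/* CWE-617 pattern: a size invariant on untrusted input enforced with assert(). */
int handle_nas_asserting(const uint8_t *msg, size_t len) {
    uint8_t buf[NAS_BUF_MAX];
    assert(len <= sizeof buf); /* peer-controlled: oversized input aborts the process */
    memcpy(buf, msg, len);
    return NAS_OK;
}

/* Hardened: validate the length and drop the message; the process stays up. */
int handle_nas_validating(const uint8_t *msg, size_t len) {
    uint8_t buf[NAS_BUF_MAX];
    if (msg == NULL || len == 0 || len > sizeof buf)
        return NAS_DROPPED;
    memcpy(buf, msg, len);
    return NAS_OK;
}

/* Run a handler in a child process; return 1 if the child died from SIGABRT. */
int aborts_on(nas_handler h, const uint8_t *msg, size_t len) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { h(msg, len); _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void) {
    static uint8_t oversized[NAS_BUF_MAX + 1]; /* constructed sample input */
    int a = aborts_on(handle_nas_asserting, oversized, sizeof oversized);
    int b = aborts_on(handle_nas_validating, oversized, sizeof oversized);
    return (a == 1 && b == 0) ? 0 : 1;
}
```

Building with `-DNDEBUG` would compile the assertion out and leave the copy unchecked, which is why the hardened handler uses an explicit length test rather than relying on `assert()`.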