Cyber Resilience

CVE-2024-24417

HighPublic PoC

Published: 21 January 2025

Published
21 January 2025
Modified
14 March 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0017 37.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-24417 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linuxfoundation Magma. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-24417 is a buffer overflow vulnerability affecting the Linux Foundation's Magma project in versions up to and including 1.8.0. The flaw exists in the decode_protocol_configuration_options function within the file /3gpp/3gpp_24.008_sm_ies.c. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-125 (Out-of-bounds Read) and CWE-120 (Buffer Copy without Checking Size of Input).

The vulnerability can be exploited remotely by unauthenticated attackers with network access, requiring low complexity and no user interaction. By crafting and transmitting a malicious NAS packet, an attacker can trigger the buffer overflow, resulting in a Denial of Service (DoS) that crashes the affected component and disrupts service availability.

Mitigation is available in Magma version 1.9 through commit 08472ba98b8321f802e95f5622fa90fec2dea486. Security practitioners should update to this fixed version or apply the patch. Further details on the advisory are provided at https://cellularsecurity.org/ransacked.

EU & UK References

Vulnerability details

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated network exploit of public-facing service directly enables T1190; crafted packet triggers application crash enabling T1499.004 DoS via exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-24416Same product: Linuxfoundation Magma
CVE-2024-24419Same product: Linuxfoundation Magma
CVE-2024-24420Same product: Linuxfoundation Magma
CVE-2024-24418Same product: Linuxfoundation Magma
CVE-2024-24423Same product: Linuxfoundation Magma
CVE-2024-24422Same product: Linuxfoundation Magma
CVE-2024-24421Same product: Linuxfoundation Magma
CVE-2023-37032Same product: Linuxfoundation Magma
CVE-2023-37029Same product: Linuxfoundation Magma
CVE-2023-37024Same product: Linuxfoundation Magma

Affected Assets

linuxfoundation
magma
≤ 1.8.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the vulnerability by requiring timely patching to Magma v1.9, which fixes the buffer overflow in decode_protocol_configuration_options.

prevent

Mandates validation of NAS packet inputs at decoding points to block crafted packets causing buffer overflows.

preventdetect

Protects against and limits effects of DoS attacks, including remote crashes from buffer overflows in network-facing components like Magma.

References