Cyber Resilience

CVE-2024-24418

HighPublic PoC

Published: 21 January 2025

Published
21 January 2025
Modified
24 March 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0017 37.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-24418 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Linuxfoundation Magma. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 37.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-24418 is a buffer overflow vulnerability (CWE-120) in the Linux Foundation's Magma project, affecting versions up to and including 1.8.0. The flaw resides in the decode_pdn_address function located at /nas/ies/PdnAddress.cpp. It was fixed in Magma v1.9 via commit 08472ba98b8321f802e95f5622fa90fec2dea486. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its potential for remote denial-of-service.

Unauthenticated attackers with network access can exploit this vulnerability by sending a specially crafted NAS (Non-Access Stratum) packet to the affected Magma instance. Successful exploitation triggers the buffer overflow, leading to a denial-of-service condition, such as application crashes or service disruptions, without requiring user interaction or privileges.

Mitigation involves upgrading to Magma v1.9 or later, which includes the fixing commit 08472ba98b8321f802e95f5622fa90fec2dea486. Additional details are available in the advisory at https://cellularsecurity.org/ransacked.

EU & UK References

Vulnerability details

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer overflow in network-accessible decode_pdn_address function directly enables remote unauthenticated application exploitation leading to DoS (A:H impact).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-24419Same product: Linuxfoundation Magma
CVE-2024-24416Same product: Linuxfoundation Magma
CVE-2024-24422Same product: Linuxfoundation Magma
CVE-2024-24417Same product: Linuxfoundation Magma
CVE-2023-37029Same product: Linuxfoundation Magma
CVE-2024-24420Same product: Linuxfoundation Magma
CVE-2024-24423Same product: Linuxfoundation Magma
CVE-2023-37024Same product: Linuxfoundation Magma
CVE-2024-24421Same product: Linuxfoundation Magma
CVE-2023-37032Same product: Linuxfoundation Magma

Affected Assets

linuxfoundation
magma
≤ 1.8.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates timely patching of known software flaws like the buffer overflow in Magma's decode_pdn_address function, directly aligning with the upgrade to v1.9 mitigation.

prevent

Requires validation of untrusted inputs such as crafted NAS packets to prevent buffer overflows in decoding functions.

preventdetect

Provides mechanisms to protect against denial-of-service from remote exploitation of buffer overflows via specially crafted packets.

References