Cyber Resilience

CVE-2024-24422

HighPublic PoC

Published: 21 January 2025

Published
21 January 2025
Modified
19 March 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0017 37.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-24422 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linuxfoundation Magma. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 37.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-24422 is a stack-based buffer overflow vulnerability (CWE-787) in the Linux Foundation's Magma project, affecting versions up to and including 1.8.0. The flaw resides in the decode_protocol_configuration_options function within the file /3gpp/3gpp_24.008_sm_ies.c. It enables attackers to trigger a denial of service (DoS) condition by sending a specially crafted Non-Access Stratum (NAS) packet. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for significant availability disruption.

Any unauthenticated attacker with network access to a vulnerable Magma deployment can exploit this issue, as it requires no privileges or user interaction and has low attack complexity. By transmitting a malicious NAS packet, the attacker causes a stack overflow, leading to application crashes or service unavailability, effectively denying service to legitimate users of the affected cellular network infrastructure.

The vulnerability is fixed in Magma version 1.9 via commit 08472ba98b8321f802e95f5622fa90fec2dea486. Security practitioners should update to this version or later and review the advisory at https://cellularsecurity.org/ransacked for additional details on mitigation and verification steps.

EU & UK References

Vulnerability details

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

CVE describes remote unauthenticated DoS via crafted NAS packet exploiting buffer overflow in decode function, directly enabling application/system exploitation for availability impact (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-24423Same product: Linuxfoundation Magma
CVE-2024-24419Same product: Linuxfoundation Magma
CVE-2024-24418Same product: Linuxfoundation Magma
CVE-2024-24416Same product: Linuxfoundation Magma
CVE-2024-24417Same product: Linuxfoundation Magma
CVE-2023-37029Same product: Linuxfoundation Magma
CVE-2024-24420Same product: Linuxfoundation Magma
CVE-2023-37024Same product: Linuxfoundation Magma
CVE-2023-37032Same product: Linuxfoundation Magma
CVE-2024-24421Same product: Linuxfoundation Magma

Affected Assets

linuxfoundation
magma
≤ 1.8.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the CVE by requiring timely remediation through patching to Magma v1.9 or later, eliminating the stack overflow in decode_protocol_configuration_options.

prevent

Prevents exploitation by enforcing validation of NAS packet inputs, including protocol configuration options, to block malformed data causing buffer overflows.

prevent

Mitigates DoS impact from crafted NAS packets by implementing protections that limit effects of resource exhaustion due to stack overflows.

References