CVE-2023-37033 – A null pointer dereference vulnerability in Mag... (How to Fix)

Q: How do I fix CVE-2023-37033?

1. Update Magma to version 1.9 or later. 2. Apply commit 08472ba98b8321f802e95f5622fa90fec2dea486 if using source build. 3. Restart the MME service.

Q: What is the severity of CVE-2023-37033?

CVE-2023-37033 has a CVSS score of 6.5 (MEDIUM). A null pointer dereference vulnerability in Magma's Mobile Management Entity (MME) allows network-adjacent attackers to crash the MME service by sending a malformed S1AP Initial UE Message packet missing the EUTRAN_CGI field. This affects Magma cellular core network deployments running versions 1.8.0 and earlier, potentially causing service disruption for mobile subscribers.

📋 TL;DR

A null pointer dereference vulnerability in Magma's Mobile Management Entity (MME) allows network-adjacent attackers to crash the MME service by sending a malformed S1AP Initial UE Message packet missing the EUTRAN_CGI field. This affects Magma cellular core network deployments running versions 1.8.0 and earlier, potentially causing service disruption for mobile subscribers.

💻 Affected Systems

Products:

Magma (Open Source Mobile Core)

Versions: <= 1.8.0

Operating Systems: Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects deployments using the MME component. The vulnerability is triggered via the S1AP interface connecting to eNodeBs.

📦 What is this software?

Magma by Linuxfoundation

View all CVEs affecting Magma →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete MME service crash leading to denial of service for all mobile subscribers in the affected area, requiring manual restart of the MME component.

🟠

Likely Case

Service disruption affecting mobile connectivity in the impacted network segment until MME is restarted.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring to detect and block malicious S1AP traffic.

🌐 Internet-Facing: LOW - Requires network adjacency to the MME interface, not directly internet-exposed in typical deployments.

🏢 Internal Only: MEDIUM - Attackers must be on the same network segment as the MME's S1 interface, which could include compromised eNodeBs or internal network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending a specifically crafted S1AP packet to the MME's S1 interface, which is accessible to network-adjacent devices.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9 (commit 08472ba98b8321f802e95f5622fa90fec2dea486)

Vendor Advisory: https://cellularsecurity.org/ransacked

Restart Required: Yes

Instructions:

1. Update Magma to version 1.9 or later. 2. Apply commit 08472ba98b8321f802e95f5622fa90fec2dea486 if using source build. 3. Restart the MME service.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict access to MME S1 interface to trusted eNodeBs only using firewall rules.

iptables -A INPUT -p sctp --dport 36412 -s trusted_enodeb_ip -j ACCEPT
iptables -A INPUT -p sctp --dport 36412 -j DROP

🧯 If You Can't Patch

Implement strict network access controls to limit S1 interface access to authorized eNodeBs only.
Deploy network monitoring to detect and alert on malformed S1AP packets or MME service crashes.

🔍 How to Verify

Check if Vulnerable:

Check Magma version: magma version | grep -i version. If version <= 1.8.0, system is vulnerable.

Check Version:

magma version

Verify Fix Applied:

Verify version is >= 1.9 and check that commit 08472ba98b8321f802e95f5622fa90fec2dea486 is present in the MME code.

📡 Detection & Monitoring

Log Indicators:

MME service crash logs
Null pointer exception in MME logs
S1AP protocol errors

Network Indicators:

Malformed S1AP packets missing EUTRAN_CGI field
Unusual S1AP traffic from non-eNodeB sources

SIEM Query:

source="magma_mme.log" AND ("null pointer" OR "segmentation fault" OR "crash")

📊 Metadata

CVE ID: CVE-2023-37033

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.15% exploit probability (36.2th percentile)

Published: January 21, 2025

Last Updated: March 20, 2025

🔗 References

https://cellularsecurity.org/ransacked Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-37033, you might also want to check these: