CVE-2024-24416

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in Magma's decode_access_point_name_ie function allows attackers to cause denial of service via crafted NAS packets. This affects Magma cellular core network software users running vulnerable versions. The vulnerability is in 3GPP protocol handling code.

💻 Affected Systems

Products:
  • Linux Foundation Magma
Versions: <= 1.8.0
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with NAS packet processing enabled. Magma is used for cellular core network functions including MME, SGW, and PGW components.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption of Magma-based cellular networks, potentially affecting mobile connectivity for end users.

🟠 Likely Case: Service instability or crashes in Magma components handling NAS signaling, leading to temporary connectivity issues.

🟢 If Mitigated: Limited impact if network segmentation and packet filtering prevent malicious NAS packets from reaching vulnerable systems.

🌐 Internet-Facing: MEDIUM - Magma components may be exposed to cellular network interfaces, but exploitation requires specific NAS protocol knowledge.
🏢 Internal Only: MEDIUM - Internal cellular network interfaces could be targeted by compromised devices or malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting valid NAS packets with malicious content. Attackers need access to cellular network interfaces.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9 (commit 08472ba98b8321f802e95f5622fa90fec2dea486)

Vendor Advisory: https://cellularsecurity.org/ransacked

Restart Required: No

Instructions:

1. Update Magma to version 1.9 or later.
2. Apply commit 08472ba98b8321f802e95f5622fa90fec2dea486 if using custom builds.
3. Verify the fix by checking the updated 3gpp_24.008_sm_ies.c file.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Magma components from untrusted network segments and implement strict firewall rules for NAS protocol traffic.

Packet Filtering

all

Implement network-level filtering for suspicious NAS packets using IDS/IPS systems with custom rules for Magma traffic.

🧯 If You Can't Patch

  • Implement strict network access controls to limit NAS packet sources to trusted cellular network elements only.
  • Deploy intrusion detection systems to monitor for anomalous NAS packet patterns and potential exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check the Magma version:

magma version | grep -i version

If the version is <= 1.8.0, the system is vulnerable.

Check Version:

magma version

Verify Fix Applied:

Verify Magma version is >= 1.9 or check for commit 08472ba98b8321f802e95f5622fa90fec2dea486 in git log.

📡 Detection & Monitoring

Log Indicators:

  • Magma process crashes or restarts
  • Error messages related to decode_access_point_name_ie
  • Memory corruption warnings in system logs

Network Indicators:

  • Unusual NAS packet patterns
  • NAS packets with abnormally large access point name fields
  • Traffic from unexpected sources to Magma NAS interfaces
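
Added example (not Magma's code and not taken from the fix commit): a hypothetical bounds-checked decoder, apn_ie_decode_checked, showing the length checks that reject the oversized access point name fields listed above. It assumes the 3GPP TS 24.008 layout of a length octet followed by at most 100 octets of length-prefixed labels; the function name and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define APN_MAX_VALUE_LEN 100 /* assumed limit: TS 24.008 APN value <= 100 octets */

/* Hypothetical hardened decoder, not Magma's function.
 * buf/len: remaining NAS message octets, starting at the APN length octet.
 * out/out_cap: destination for the dotted, NUL-terminated APN string.
 * Returns octets consumed (> 0), or -1 if the IE is malformed. */
int apn_ie_decode_checked(const uint8_t *buf, size_t len, char *out, size_t out_cap)
{
    if (buf == NULL || out == NULL || len < 1 || out_cap == 0)
        return -1;

    size_t ie_len = buf[0];
    if (ie_len == 0 || ie_len > APN_MAX_VALUE_LEN) /* abnormally large field */
        return -1;
    if (ie_len > len - 1)                          /* claims more than the packet holds */
        return -1;

    const uint8_t *val = buf + 1;
    size_t pos = 0, w = 0;
    while (pos < ie_len) {
        size_t label_len = val[pos++];
        /* Empty labels are rejected here by choice; overrunning labels always. */
        if (label_len == 0 || label_len > ie_len - pos)
            return -1;
        /* Room needed: label, '.' separator (not before the first), NUL. */
        size_t need = label_len + (w ? 1 : 0) + 1;
        if (need > out_cap - w)
            return -1;
        if (w)
            out[w++] = '.';
        memcpy(out + w, val + pos, label_len);
        w += label_len;
        pos += label_len;
    }
    out[w] = '\0';
    return (int)(ie_len + 1);
}

int main(void)
{
    /* Constructed sample: length octet 12, labels "apn" and "example". */
    const uint8_t ie[] = {12, 3, 'a', 'p', 'n', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e'};
    char apn[APN_MAX_VALUE_LEN + 1];
    int used = apn_ie_decode_checked(ie, sizeof ie, apn, sizeof apn);
    printf("consumed=%d apn=%s\n", used, used > 0 ? apn : "(rejected)");
    return used > 0 ? 0 : 1;
}
```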

SIEM Query:

source="magma" AND ("crash" OR "segmentation fault" OR "buffer overflow")
