CVE-2024-24421

9.8 CRITICAL

📋 TL;DR

A type confusion vulnerability in Magma's NAS message decoding function allows attackers to execute arbitrary code or cause denial of service via specially crafted NAS packets. This affects Magma cellular core network software versions 1.8.0 and earlier. Attackers can exploit this remotely without authentication.

💻 Affected Systems

Products:
  • Magma cellular core network software
Versions: <= 1.8.0
Operating Systems: Linux-based systems running Magma
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using vulnerable Magma versions are affected regardless of configuration. The vulnerability is in the core NAS message handling code.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the cellular network infrastructure.

🟠

Likely Case

Denial of service causing service disruption in the cellular core network, potentially affecting subscriber connectivity and network operations.

🟢

If Mitigated

Limited impact if network segmentation and proper access controls prevent external attackers from reaching vulnerable interfaces.

🌐 Internet-Facing: HIGH - NAS packets can originate from external sources including user equipment and roaming partners, making internet-facing interfaces vulnerable.
🏢 Internal Only: MEDIUM - Internal network segments may still be vulnerable to attacks from compromised devices or malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious NAS packets but doesn't require authentication. The type confusion vulnerability could lead to memory corruption and code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9 (specifically commit 08472ba98b8321f802e95f5622fa90fec2dea486)

Vendor Advisory: https://cellularsecurity.org/ransacked

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Update Magma to version 1.9 or later.
3. If building from source, apply commit 08472ba98b8321f802e95f5622fa90fec2dea486.
4. Restart Magma services.
5. Verify functionality and monitor for issues.

🔧 Temporary Workarounds

Network Segmentation

Restrict access to the Magma interface that carries NAS (S1-MME, which runs S1AP over SCTP, not TCP) to trusted sources only. Replace the placeholders with the S1AP port (36412 is the 3GPP default) and the eNodeB / roaming-partner network range:

# S1AP is carried over SCTP; a TCP rule would never match this traffic.
iptables -A INPUT -p sctp --dport <magma_port> -s <trusted_network> -j ACCEPT
iptables -A INPUT -p sctp --dport <magma_port> -j DROP

Rate Limiting

Rate-limit NAS-bearing traffic to reduce the impact of a flood. The ACCEPT rule below only has an effect if a DROP for the same port follows it, and it must come before any unconditional ACCEPT for that port or it is never reached. The limit counts every packet on the S1 association, including legitimate signalling and SCTP heartbeats, so tune it to your normal load:

iptables -A INPUT -p sctp --dport <magma_port> -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
iptables -A INPUT -p sctp --dport <magma_port> -j DROP
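The two workarounds above interact: applied in the order shown, the unconditional ACCEPT for trusted sources would shadow the rate limit. The script below is an added example, not code from the advisory or from the Magma project, that combines them into one correctly ordered rule set: trusted sources are rate-limited and accepted, everything else reaching the S1AP port is logged and dropped. It assumes NAS arrives inside S1AP over SCTP on port 36412 (the 3GPP default) and uses a constructed chain name, MAGMA_NAS. The function prints the iptables commands instead of applying them, so the set can be reviewed and then piped to sh on the MME host.

```shell
#!/bin/sh
# Added example (not from the advisory or the Magma project): emit an ordered
# iptables rule set for the S1-MME port that carries NAS.
# Assumptions: S1AP over SCTP, default port 36412; chain name MAGMA_NAS and
# the trusted CIDR are constructed for this demonstration.

# magma_nas_rules TRUSTED_CIDR [SCTP_PORT]
# Prints the rules to stdout; apply with:  magma_nas_rules 10.0.0.0/8 | sh
magma_nas_rules() {
    trusted="$1"
    port="${2:-36412}"
    # Refuse anything that does not look like a CIDR before emitting rules.
    case "$trusted" in
        */*) ;;
        *) echo "usage: magma_nas_rules <trusted_cidr> [sctp_port]" >&2; return 2 ;;
    esac
    cat <<EOF
iptables -N MAGMA_NAS
iptables -A INPUT -p sctp --dport $port -j MAGMA_NAS
iptables -A MAGMA_NAS -s $trusted -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
iptables -A MAGMA_NAS -j LOG --log-prefix "magma-nas-drop: " --log-level 4
iptables -A MAGMA_NAS -j DROP
EOF
}

# Example invocation with a constructed trusted range.
magma_nas_rules 10.0.0.0/8
```

Order matters inside MAGMA_NAS: the rate-limited ACCEPT for trusted sources comes first, the LOG rule records both untrusted senders and trusted senders that exceed the limit (useful for the detection section), and the final DROP is what gives the limit its effect. Creating the chain with -N fails if it already exists, so flush or delete it before re-applying.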

🧯 If You Can't Patch

  • Implement strict network access controls to limit which devices can send NAS packets to vulnerable systems.
  • Deploy intrusion detection systems to monitor for anomalous NAS packet patterns and potential exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Run the version check below; a reported version of 1.8.0 or earlier is vulnerable.

Check Version:

magma version | grep 'Magma version'

Verify Fix Applied:

Run the same check and confirm the version is 1.9 or later; for source builds, confirm the build includes commit 08472ba98b8321f802e95f5622fa90fec2dea486.

📡 Detection & Monitoring

Log Indicators:

  • Unusual NAS message decoding errors
  • Memory access violation logs
  • Service crashes in magma-nasd process

Network Indicators:

  • Malformed NAS packets with unusual type fields
  • High volume of NAS packets from single sources
  • NAS packets with crafted type confusion patterns

SIEM Query:

source="magma" AND ("nas_message_decode" OR "type confusion" OR "memory violation")
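The log indicators above can be turned into a small triage script for hosts where the SIEM query is not available. The following is an added example, not code from the advisory or from Magma; the log lines and their format (an MME log line with an enb= source field) are constructed for the demonstration. It counts ERROR-level nas_message_decode lines per sending eNodeB, reports sources that reach a threshold, and flags memory access violation lines, which covers the first two log indicators and the high-volume network indicator at the log level.

```shell
#!/bin/sh
# Added example (not from the advisory or the Magma project). The log format
# is constructed: one line per NAS decode event, with the sender as "enb=".

# Constructed sample: three decode errors from 192.0.2.10, one from
# 192.0.2.20, one normal decode, and one crash line.
SAMPLE_LOG=$(cat <<'EOF'
2024-02-10T12:00:01Z mme ERROR nas_message_decode: unknown message type 0xf3 enb=192.0.2.10
2024-02-10T12:00:01Z mme INFO nas_message_decode: attach request enb=192.0.2.20
2024-02-10T12:00:02Z mme ERROR nas_message_decode: unknown message type 0x1d enb=192.0.2.10
2024-02-10T12:00:02Z mme ERROR nas_message_decode: bad length for IE 0x52 enb=192.0.2.20
2024-02-10T12:00:03Z mme ERROR nas_message_decode: unknown message type 0xa0 enb=192.0.2.10
2024-02-10T12:00:03Z kernel mme[4242]: memory access violation at 0x0 (SIGSEGV)
EOF
)

# nas_decode_alerts THRESHOLD   (reads log lines on stdin)
# Prints one ALERT line per source with >= THRESHOLD decode errors, and one
# ALERT line if any memory access violation / SIGSEGV was logged.
nas_decode_alerts() {
    thr="${1:-3}"
    awk -v thr="$thr" '
        /nas_message_decode/ && / ERROR / {
            # Pull the sender out of the "enb=<addr>" field and count it.
            if (match($0, /enb=[0-9.]+/)) {
                src = substr($0, RSTART + 4, RLENGTH - 4)
                n[src]++
            }
        }
        /memory access violation|SIGSEGV/ { crash++ }
        END {
            for (s in n)
                if (n[s] >= thr)
                    printf "ALERT decode-errors src=%s count=%d\n", s, n[s]
            if (crash)
                printf "ALERT mme-crash count=%d\n", crash
        }'
}

# Run the detector over the constructed sample with a threshold of 3.
nas_decode_demo() {
    printf '%s\n' "$SAMPLE_LOG" | nas_decode_alerts 3
}

nas_decode_demo
```

On a live host, feed the MME log instead of the sample (for example, journalctl output piped into nas_decode_alerts) and pick the threshold from the normal decode-error rate seen over a quiet period; a single eNodeB producing a burst of decode errors, or any crash line, is the signal to escalate.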
