CVE-2024-24443
📋 TL;DR
An uninitialized pointer dereference vulnerability in OpenAirInterface CN5G AMF allows attackers to cause Denial of Service (DoS) by sending a crafted PDU Session Resource Setup Response message. This affects cellular network operators and organizations using OpenAirInterface 5G core networks. The vulnerability can crash the AMF component, disrupting 5G service availability.
💻 Affected Systems
- OpenAirInterface CN5G AMF (oai-cn5g-amf)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete AMF service crash leading to widespread 5G service disruption, affecting all connected devices and network operations in the affected area.
Likely Case
Targeted AMF instance crashes causing localized service disruption for specific network slices or user groups until service restart.
If Mitigated
Isolated AMF instance failure with automatic failover to redundant systems, causing minimal service interruption.
🎯 Exploit Status
Exploitation requires sending crafted NGAP messages to the AMF, which typically requires network access to the N2 interface. No authentication needed for the crafted message.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.0.1 or later
Vendor Advisory: http://openairinterface.com
Restart Required: Yes
Instructions:
1. Check the current version with 'git describe --tags'.
2. Update to v2.0.1 or later: 'git checkout v2.0.1'.
3. Rebuild AMF: 'cd cmake_targets && ./build_oai -c --gNB -w SIMU'.
4. Restart the AMF service.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to the AMF N2 interface to trusted gNBs only, using firewall rules (Linux):
iptables -A INPUT -p sctp --dport 38412 -s [trusted_gNB_IP] -j ACCEPT
iptables -A INPUT -p sctp --dport 38412 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to AMF N2 interface (port 38412/SCTP)
- Deploy redundant AMF instances with automatic failover to minimize service impact
🔍 How to Verify
Check if Vulnerable:
Check the AMF version: 'cd /path/to/oai-cn5g-amf && git describe --tags'. If the output shows v2.0.0 or earlier, the system is vulnerable.
Check Version:
cd /path/to/oai-cn5g-amf && git describe --tags
Verify Fix Applied:
After update, verify version shows v2.0.1 or later: 'git describe --tags'. Test with valid PDU session setup responses.
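The version check above can be scripted. The following is an added example, not code from this page or from the OpenAirInterface project: it classifies 'git describe --tags' output against the fixed release v2.0.1 named above. The function names and the sample strings in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify `git describe --tags` output against the fixed
# release given in this advisory. Function names are hypothetical.

FIXED_VERSION="2.0.1"   # "Patch Version: v2.0.1 or later" from the text above

# version_lt A B -> exit status 0 when dotted version A is lower than B
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# classify_describe STRING -> prints vulnerable | fixed | unknown
classify_describe() {
    # Drop the leading "v" and any "-<n>-g<sha>" / "-dirty" suffix.
    # A build N commits past v2.0.0 (constructed: v2.0.0-15-g1a2b3c4) does
    # not contain the v2.0.1 tag, so it is conservatively rated as v2.0.0.
    ver=$(printf '%s' "$1" |
        sed -E 's/^v//; s/(-[0-9]+-g[0-9a-f]+)?(-dirty)?$//')
    case "$ver" in
        ''|*[!0-9.]*) echo unknown; return ;;   # empty or non-numeric tag
    esac
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# check_repo PATH -> classify the checkout at PATH (unknown if not a repo)
check_repo() {
    classify_describe "$(git -C "$1" describe --tags 2>/dev/null)"
}

# Usage: sh check_amf.sh /path/to/oai-cn5g-amf
if [ $# -gt 0 ]; then
    check_repo "$1"
fi
```

A result of "unknown" means the tag is not a plain vX.Y.Z release and needs manual review.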
📡 Detection & Monitoring
Log Indicators:
- AMF process crashes or restarts
- Segmentation fault errors in AMF logs
- Unexpected termination of ngap_handle_pdu_session_resource_setup_response
Network Indicators:
- Malformed NGAP messages to AMF port 38412
- SCTP packets with abnormal PDU session response parameters
SIEM Query:
source="amf.log" AND ("segmentation fault" OR "SIGSEGV" OR "uninitialized pointer")