CVE-2024-38920
📋 TL;DR
CVE-2024-38920 is a use-after-free vulnerability in ROS2 Nav2's AMCL component that allows remote attackers to potentially execute arbitrary code or crash the navigation system by sending a specific parameter change request. This affects ROS2 Humble distributions running Nav2 with AMCL enabled. Systems using ROS2 for robotics, autonomous vehicles, or industrial automation are vulnerable.
💻 Affected Systems
- ROS2 Navigation2 (Nav2)
- ROS2 AMCL
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, allowing attackers to take control of robotic systems, manipulate navigation data, or cause physical damage in safety-critical applications.
Likely Case
Service disruption through process crashes, causing navigation failures in autonomous systems, potentially leading to operational downtime or safety incidents.
If Mitigated
Limited impact with proper network segmentation and access controls, potentially only causing service restarts without code execution.
🎯 Exploit Status
Exploitation requires network access to the ROS2 parameter service. No authentication is needed for parameter changes in default configurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in navigation2 pull request #4397
Vendor Advisory: https://github.com/ros-navigation/navigation2/issues/4379
Restart Required: Yes
Instructions:
1. Update navigation2 package to latest version.
2. Rebuild ROS2 workspace.
3. Restart all Nav2 and AMCL processes.
🔧 Temporary Workarounds
Disable AMCL Parameter Service
linux: Prevent remote parameter changes to AMCL by disabling or restricting access to the parameter service
ros2 param set /amcl use_sim_time true
Configure ROS2 security to restrict parameter access
Network Segmentation
linux: Isolate ROS2 network from untrusted systems using firewall rules
iptables -A INPUT -p tcp --dport 11311 -j DROP
ufw deny 11311/tcp
🧯 If You Can't Patch
- Implement strict network segmentation to isolate ROS2 systems from untrusted networks
- Deploy ROS2 security features (SROS2) to enforce authentication and encryption
🔍 How to Verify
Check if Vulnerable:
Check whether you are running ROS2 Humble with Nav2 AMCL, and whether the installed version predates the fix in PR #4397
Check Version:
ros2 pkg list | grep navigation2 && dpkg -l | grep ros-humble-navigation2
Verify Fix Applied:
Verify that the navigation2 package includes the fix from PR #4397, and test that parameter changes do not crash AMCL
📡 Detection & Monitoring
Log Indicators:
- AMCL process crashes
- Segmentation faults in nav2_amcl logs
- Unexpected parameter change requests to /amcl
Network Indicators:
- Unusual ROS2 parameter service requests to port 11311
- Traffic to AMCL nodes from unexpected sources
SIEM Query:
(process.name="nav2_amcl" AND event.action="segmentation fault") OR (network.destination.port=11311 AND network.protocol="ROS2")
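The log indicators above can also be correlated offline. This is an added example, not part of the original advisory or the Nav2 project: it flags parameter changes to /amcl from sources outside an allowlist and ties a nav2_amcl segmentation fault to a parameter change seen shortly before it. The event records are constructed; the field names ros.node, ros.param and source.ip, the allowlist and the 10-second window are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events (JSON lines, arbitrary parameter names). process.name and
# event.action follow the page's SIEM query; ros.node, ros.param, source.ip are assumed.
SAMPLE_EVENTS = """\
{"@timestamp": "2024-07-01T10:00:00Z", "event.action": "parameter change", "ros.node": "/amcl", "ros.param": "max_particles", "source.ip": "10.0.0.5"}
{"@timestamp": "2024-07-01T10:05:00Z", "event.action": "parameter change", "ros.node": "/amcl", "ros.param": "alpha1", "source.ip": "192.0.2.44"}
{"@timestamp": "2024-07-01T10:05:03Z", "event.action": "segmentation fault", "process.name": "nav2_amcl"}
{"@timestamp": "2024-07-01T10:06:00Z", "event.action": "parameter change", "ros.node": "/controller_server", "ros.param": "controller_frequency", "source.ip": "192.0.2.44"}
this line is not JSON and must be skipped
{"@timestamp": "2024-07-01T11:00:00Z", "event.action": "segmentation fault", "process.name": "nav2_amcl"}
"""
TRUSTED_SOURCES = {"10.0.0.5"}  # assumed allowlist of operator hosts
WINDOW = timedelta(seconds=10)  # assumed correlation window


def parse(text):
    """Return well-formed events sorted by time; malformed records are skipped."""
    events = []
    for line in text.splitlines():
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["@timestamp"].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect(events):
    """Return (kind, parameter, source) alerts for the three log indicators."""
    alerts, changes = [], []
    for ev in events:
        action = ev.get("event.action")
        if action == "parameter change" and ev.get("ros.node") == "/amcl":
            changes.append(ev)
            if ev.get("source.ip") not in TRUSTED_SOURCES:
                alerts.append(("unexpected_source", ev.get("ros.param"), ev.get("source.ip")))
        elif action == "segmentation fault" and ev.get("process.name") == "nav2_amcl":
            # Tie the crash to the latest /amcl change inside the window, if any.
            prior = [c for c in changes if timedelta(0) <= ev["ts"] - c["ts"] <= WINDOW]
            last = prior[-1] if prior else {}
            alerts.append(("crash_after_param_change" if prior else "crash",
                           last.get("ros.param"), last.get("source.ip")))
    return alerts


if __name__ == "__main__":
    print(*detect(parse(SAMPLE_EVENTS)), sep="\n")
```

A crash with no /amcl parameter change inside the window is still reported, as a plain "crash" alert, so unrelated AMCL failures are not silently dropped.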