591 matches found
CVE-2026-20461
Vulnerability summary (CVE-2026-20461): In the Modem, there is a possible out-of-bounds write caused by a missing bounds check. This can lead to a remote denial of service when a UE connects to a rogue base station controlled by an attacker, with no additional execution privileges required and no...
CVE-2026-20460
The CVE-2026-20460 entry describes an information-disclosure flaw in a Modem component caused by improper input validation. An attacker-controlled rogue base station could trigger remote disclosure without needing user interaction or additional privileges. The vulnerability affects the Modem (spe...
CVE-2026-20459
CVE-2026-20459: In Modem, a crash can occur due to improper input validation, enabling remote denial of service when a UE connects to a rogue base station; no user interaction required. Exploitation specifics are not provided in the documents. Remediation is listed as Patch MOLY01816800 (MSV-6842...
CVE-2026-20458
The CVE-2026-20458 entry describes a memory corruption in a Modem component caused by a missing bounds check, allowing remote escalation of privilege when a user equipment connects to a rogue base station, with no user interaction required. The vulnerability is tied to Patch ID MOLY01402160 and I...
CVE-2026-20457
CVE-2026-20457 affects the modem component. The issue is a system crash caused by improper input validation, enabling a remote denial-of-service when a UE connects to a rogue base station, with no extra execution privileges or user interaction required. The vulnerability details are documented ac...
Astra Linux – Vulnerability in ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was detected within the smsdecodeaddressfield function during the SMS PDU decoding process. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, ...
Astra Linux – Vulnerability in ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodestatusreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS...
Astra Linux – Vulnerability in ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodedeliver function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS. There i...
CVE-2026-20449
In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...
CVE-2026-20450
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch...
PT-2026-45511
Name of the Vulnerable Software and Affected Versions OpenAirInterface5G version 2.4.0 Description An issue exists in the E2SM-KPM RAN Function's PRB utilization metric calculation within the nr-softmodem component. The functions fill RRU PrbTotDl and fill RRU PrbTotUl compute PRB usage percentag...
CVE-2026-37232
An issue was discovered in OpenAirInterface5G 2.4.0 nr-softmodem in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fillRRUPrbTotDl and fillRRUPrbTotUl in openair2/E2AP/RANFUNCTION/O-RAN/ranfunckpmsubs.c lines 182 and 197 compute PRB usage percentages by dividing by...
openairinterface5G 安全漏洞
openairinterface5G is an open-source implementation of the OAI project, focusing on the research, development, and testing of 5G NR New Radio core networks and access networks. Version 2.4.0 of openairinterface5G contains a security vulnerability. This vulnerability stems from the E2SM-KPM RAN...
Improperly Implemented Security Check for Standard
Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...
Improperly Implemented Security Check for Standard
Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...
Improperly Implemented Security Check for Standard
Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...
CVE-2026-44475
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with...
CVE-2026-44318 free5GC: BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if t...
CVE-2026-44475 Ella Core: UE Security Capability bypass on NGAP PathSwitchRequest
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with...
CVE-2026-44474
Ella Core (5G private-net Core) is affected prior to version 1.10.0 by a race in security procedures: it did not enforce TS 33.501 §6.9.5.1 when Security Mode Command and N2 handover run concurrently. This can cause a KgNB mismatch between the UE and target gNB, leading to handover failure. The i...