Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pfcp: The device is destroyed along with the udp socket’s netns structure. The pfcpnewlink function links the device to a specific list in devnetdev, rather than to net, where an udp tunnel socket is created. Even when net is...

CVE-2026-26025

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP UDP/8805 interface. No known upstrea...

CVE-2025-69247

free5GC go-upf is the User Plane Function UPF implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow CWE-122 vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the PFCP SessionReportRequest process when ReportType.USAR is set to 1 and the UsageReport omits the mandatory URRID sub-IE. An attacker can cause the service to crash and terminate by sending a specially...

CVE-2026-26024

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP UDP/8805 interface. No known upstrea...

CVE-2026-25501 free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.DLDR is set but DownlinkDataReport IE is missing

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP...

CVE-2025-69247

The CVE-2025-69247 entry concerns the free5GC go-upf UPF component. Versions prior to 1.2.8 are affected by a Heap-based Buffer Overflow (CWE-122) triggered by a PFCP Session Modification Request with an invalid SDF Filter length field, causing denial of service and potential cascading SMF impact...

CVE-2025-69232

CVE-2025-69232 affects free5GC go-upf up to version 1.2.6 and free5gc smf up to 1.4.0. It is an Improper Input Validation and Protocol Compliance vulnerability that can cause Denial of Service: a remote attacker sends a malformed PFCP Association Setup Request, which UPF accepts and enters an inc...

CVE-2026-2525

A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2026-2525 Free5GC PFCP UDP Endpoint denial of service

A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2026-2525

CVE-2026-2525 affects Free5GC up to release 4.1.0. The issue is in an unknown function of the PFCP UDP Endpoint component, where manipulation leads to a remote denial of service. Public disclosure of the exploit is noted, with exploitation maturity described as a Proof-of-Concept in some sources....

PT-2026-8297

A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-70123

An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a...

CVE-2025-70122

A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function sdf-filter.go when processing a declared length that...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the SDFFilterFields.UnmarshalBinary function when processing a declared length that exceeds the actual buffer capacity. An attacker can cause a crash of the UPF component by sending a specially crafted PFC...

CVE-2025-70122

A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function sdf-filter.go when processing a declared length that...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Version 4.0.1 of free5GC contains a security vulnerability caused by a heap buffer overflow in the UPF component. This vulnerability could allow remote attackers to exploit it through a specially crafted PFCP Session...

CVE-2025-70122

A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function sdf-filter.go when processing a declared length that...

CVE-2026-1973

A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. I...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the establishPfcpSession function. An attacker can cause a denial of service by sending specially crafted requests that trigger a null pointer dereference in the SMF component. Remediation Upgrade...