CVE-2024-24447 identifies a buffer overflow vulnerability in the ngap_amf_handle_pdu_session_resource_setup_response function within the oai-cn5g-amf software component, which is part of the OpenAirInterface (OAI) 5G core network implementation. This vulnerability exists in versions up to 2.0.0. The flaw arises when the function processes a PDU Session Resource Setup Response message that contains an empty Response Item list. Due to improper bounds checking or insufficient validation of this list, the buffer overflow can be triggered, causing the AMF process to crash or become unresponsive, resulting in a Denial of Service (DoS). The vulnerability requires an attacker to send a crafted PDU Session Resource Setup Response message over the network, which implies network-level access and low privileges but no user interaction. The vulnerability is classified under CWE-120 (Classic Buffer Overflow). The CVSS v3.1 base score is 5.3, indicating a medium severity level with the vector AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H. This means the attack is network-based, requires high attack complexity, low privileges, no user interaction, unchanged scope, no impact on confidentiality or integrity, but high impact on availability. No public exploits or patches have been reported at the time of publication. The vulnerability affects the availability of the AMF, a critical component in 5G core networks responsible for mobility management and session handling. Successful exploitation could disrupt 5G network services, impacting subscriber connectivity and network reliability.

The primary impact of CVE-2024-24447 is a Denial of Service (DoS) condition affecting the AMF component of 5G core networks using the oai-cn5g-amf implementation. This can lead to service outages or degraded network performance, disrupting subscriber connectivity and mobility management functions. Organizations deploying open-source 5G core network solutions, particularly those relying on OAI's AMF, face risks of network instability and potential downtime. The disruption could affect telecommunications providers, enterprises using private 5G networks, and critical infrastructure relying on 5G connectivity. While confidentiality and integrity are not directly impacted, availability degradation can have cascading effects on dependent services and applications. The medium CVSS score reflects the moderate ease of exploitation and the significant operational impact of service disruption. Given the critical role of AMF in 5G networks, even temporary outages can result in customer dissatisfaction, regulatory scrutiny, and financial losses for service providers.

To mitigate CVE-2024-24447, organizations should prioritize the following actions: 1) Apply any available patches or updates from the OpenAirInterface project addressing this vulnerability as soon as they are released. 2) Implement strict input validation and bounds checking on PDU Session Resource Setup Response messages within the AMF to prevent buffer overflow conditions. 3) Deploy network-level filtering and anomaly detection to identify and block malformed or suspicious NGAP messages that could exploit this vulnerability. 4) Isolate and segment the 5G core network components to limit exposure and reduce the attack surface. 5) Monitor AMF logs and performance metrics for signs of crashes or unusual behavior indicative of exploitation attempts. 6) Conduct regular security assessments and code reviews of open-source 5G core components before deployment. 7) Engage with the OAI community and security advisories to stay informed about updates and best practices. These measures go beyond generic advice by focusing on proactive validation, network controls, and community engagement specific to open-source 5G core deployments.