Severity by source
AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Lifecycle Timeline
4DescriptionGitHub Advisory
Summary
The AMF in Free5GC v4.2.1 does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the AMF's stored UE security capabilities with arbitrary values, which are then propagated in PathSwitchRequest Acknowledge messages and subsequent Handover Request messages. This leads to persistent handover denial-of-service for affected UEs.
Details
Affected File: amf/internal/ngap/handler.go - handlePathSwitchRequestMain function
Root Cause:
When the AMF receives a PathSwitchRequest during an Xn-handover, it processes the UESecurityCapabilities IE by directly overwriting the stored values without comparing them to the previously stored capabilities:
if uESecurityCapabilities != nil {
amfUe.UESecurityCapability.SetEA1_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] & 0x80)
amfUe.UESecurityCapability.SetEA2_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] & 0x40)
amfUe.UESecurityCapability.SetEA3_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] & 0x20)
amfUe.UESecurityCapability.SetIA1_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] & 0x80)
amfUe.UESecurityCapability.SetIA2_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] & 0x40)
amfUe.UESecurityCapability.SetIA3_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] & 0x20)
}3GPP TS 33.501 §6.7.3.1 requires three actions, none of which are implemented:
- Verification (SHALL): "The AMF shall verify that the UE's 5G security capabilities received from the target gNB/ng-eNB are the same as the UE's 5G security capabilities that the AMF has locally stored."
→ Not implemented. The AMF unconditionally overwrites stored values.
- Correction (SHALL): "If there is a mismatch, the AMF shall send its locally stored 5G security capabilities of the UE to the target gNB/ng-eNB in the Path-Switch Acknowledge message."
→ Not implemented. The PathSwitchRequestAcknowledge contains the corrupted values.
- Logging (SHALL): "The AMF shall support logging capabilities for this event and may take additional measures, such as raising an alarm."
→ Not implemented. No mismatch detection or logging exists.
Propagation:
The corrupted values are propagated in:
- PathSwitchRequestAcknowledge: Contains corrupted UESecurityCapabilities (demonstrated in pcap)
- Subsequent HandoverRequest messages: AMF sends corrupted capabilities to target gNBs
Per TS 38.413 §8.4.2.4, if the supported algorithms in the UE Security Capabilities do not match any allowed algorithms configured in the target gNB, the target gNB is required to reject the procedure using a HANDOVER FAILURE message.
PoC
Environment:
- Free5GC v4.2.1 AMF (Docker container) with full NF stack (NRF, AUSF, UDM, UDR, NSSF, PCF, SMF, UPF)
- UERANSIM v3.2.7 gNB with custom inspection-tool extension
- tshark for packet capture
Reproduction Steps:
- Start Free5GC full stack and register a UE through a gNB (NG Setup → Registration → PDU Session Setup).
- Send a normal HandoverRequired from the gNB. Capture the resulting HandoverRequest from the AMF and confirm
nRintegrityProtectionAlgorithms = 0xe000(NIA1, NIA2, NIA3 all supported). This is the baseline. - Send a PathSwitchRequest with
nRintegrityProtectionAlgorithms = 0x0000(all integrity algorithms set to not supported). The AMF responds with PathSwitchRequestAcknowledge. - Observe that the PathSwitchRequestAcknowledge contains
nRintegrityProtectionAlgorithms = 0x0000- the corrupted values are propagated back.
Observed Result (from pcap capture):
| Packet | Message | nRintegrityProtectionAlgorithms |
|---|---|---|
| #20 | HandoverRequest (AMF→gNB) | 0xe000 (NIA1 ✓ NIA2 ✓ NIA3 ✓) - baseline |
| #30 | PathSwitchRequest (gNB→AMF) | 0x0000 - poison |
| #47 | PathSwitchRequestAcknowledge (AMF→gNB) | 0x0000 (NIA1 ✗ NIA2 ✗ NIA3 ✗) - corrupted |
Impact
Availability (HIGH): A malicious gNB can send a single PathSwitchRequest message to corrupt the AMF's stored UE security capabilities for any UE. All subsequent inter-gNB handovers for the affected UE are expected to fail (per TS 38.413 §8.4.2.4), resulting in denial-of-service that persists until the UE performs a new registration.
Integrity (LOW): The AMF's internal UE security context is corrupted with attacker-controlled values. These corrupted values are propagated to other network elements via PathSwitchRequestAcknowledge and HandoverRequest messages.
Who is impacted: Any deployment using Free5GC as the AMF where a gNB could be compromised or where untrusted gNBs exist (e.g., O-RAN multi-vendor deployments).
AnalysisAI
Free5GC Access and Mobility Management Function (AMF) v4.2.1 and earlier fails to verify UE Security Capabilities in NGAP PathSwitchRequest messages, allowing a malicious gNB to overwrite the AMF's stored security algorithm preferences with arbitrary values. These corrupted capabilities are then propagated in PathSwitchRequestAcknowledge and subsequent HandoverRequest messages, causing all inter-gNB handovers for affected UEs to fail due to algorithm mismatches. This results in persistent handover denial-of-service until UE re-registration. The vulnerability is directly contrary to 3GPP TS 33.501 §6.7.3.1 verification requirements and has been demonstrated with a public proof-of-concept using Free5GC v4.2.1 and UERANSIM.
Technical ContextAI
Free5GC is an open-source 5G core network implementation written in Go. The vulnerability resides in the AMF component's NGAP (NG Application Protocol) message handler, specifically the handlePathSwitchRequestMain function in amf/internal/ngap/handler.go. During Xn-handovers between gNodeBs, the AMF receives PathSwitchRequest messages containing UESecurityCapabilities Information Elements (IEs) that specify which encryption (EA) and integrity protection (IA) algorithms the UE supports (EA1/EA2/EA3 for 5G encryption; IA1/IA2/IA3 for integrity). The root cause is unconditional overwriting of stored capability bits using bitwise operations (e.g., SetEA1_128_5G with NRencryptionAlgorithms.Value.Bytes[0] & 0x80) without prior comparison to locally stored values. Per 3GPP TS 33.501 §6.7.3.1, the AMF is mandated to verify received capabilities match stored values and, if mismatched, send its locally stored capabilities back in the PathSwitchRequestAcknowledge. The missing verification allows a gNB (via NGAP over SCTP) to inject false algorithm support/rejection signals. Subsequent TS 38.413 §8.4.2.4 handover procedures enforce that target gNBs reject HandoverRequest messages if no common algorithms exist between UE and gNB configuration, guaranteeing handover failure when capabilities are zeroed. CWE-358 (Improperly Restricted Operations on Dynamically-Allocated Memory) applies to the unchecked state modification of the UE security context object.
RemediationAI
No vendor-released patch identified at time of analysis. Immediate remediation requires in-place code fixes: apply the verification logic from 3GPP TS 33.501 §6.7.3.1 by comparing received UESecurityCapabilities against amfUe.UESecurityCapability before overwriting, and if mismatched, return the locally stored values in PathSwitchRequestAcknowledge instead of the received ones. Until a patched Free5GC release is available, implement network-level compensating controls: (1) restrict NGAP access (port 38412/SCTP) to known, trusted gNBs via firewall rules on the AMF host or intermediate network segments, (2) deploy gNB authentication and authorization checks at the N2 interface using TLS mutual authentication with certificate pinning to prevent unauthorized gNB connections, (3) enable detailed logging and alerting on PathSwitchRequest messages and monitor for zero'd algorithm values in AMF logs (search for UESecurityCapability modifications with all-zero bytes), (4) segment the AMF into a dedicated security zone with monitoring for abnormal state changes. Workaround: force UEs to re-register every N hours via policy enforcement in the PCF or SMF to limit DoS duration, though this reduces user experience and does not prevent the underlying corruption. Operators should also audit their gNB deployment for compromise or untrusted vendors (especially in multi-vendor O-RAN setups) since this vulnerability requires gNB control. Monitor GitHub repository (https://github.com/free5gc/free5gc/security/advisories/GHSA-77x9-rf64-92gv) for patch release announcements.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32557
GHSA-77x9-rf64-92gv