Compliance Impact

The vulnerability causes a buffer overflow in the AUSF component during the 5G AKA authentication procedure, leading to a denial of service by crashing the AUSF process. This disruption can prohibit users from completing registration and verification.

While the provided information does not explicitly mention compliance with standards such as GDPR or HIPAA, denial of service vulnerabilities affecting authentication and user verification processes can indirectly impact compliance by disrupting secure access controls and availability requirements mandated by these regulations.

Specifically, failure to maintain service availability and secure authentication mechanisms could lead to non-compliance with regulatory requirements that emphasize data protection, user privacy, and system reliability.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-30075 is a buffer overflow vulnerability in OpenAirInterface AUSF version 2.2.0. It occurs when the AUSF component receives an authentication response from the AMF containing an oversized `res*` value (for example, 100+ bytes) during the 5G AKA authentication procedure.

The AUSF does not properly validate the length of this `res*` parameter, which leads to memory corruption and causes the AUSF process to crash with a stack smashing detected error.

This vulnerability arises because the AMF sends an authentication response with a `res*` value larger than the specification allows, and the AUSF attempts to process it without length validation.

Useful 0 Not Useful 0

Impact Analysis

The buffer overflow causes the AUSF component to crash, which leads to a denial of service (DoS) condition.

As a result, users may be prohibited from further registration and verification on the network.

Specifically, after the AUSF crashes, the AMF fails authentication and sends a registration reject message to the user equipment (UE), preventing successful network access.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring the AUSF and AMF logs for signs of buffer overflow and crashes related to oversized authentication responses.

• Check AMF logs for authentication responses containing a `res*` value larger than the specification (e.g., greater than 100 bytes).
• Inspect AUSF logs for messages indicating receipt of 5g-aka-confirmation requests with large `res*` values and subsequent crashes or stack smashing detected errors.
• Use packet capture tools (e.g., tcpdump or Wireshark) to capture and analyze 5G AKA authentication messages between AMF and AUSF, looking for oversized `res*` parameters.
• Example command to capture relevant traffic: `tcpdump -i <interface> -w capture.pcap port <relevant_port>` and then analyze with Wireshark filtering for 5g-aka-confirmation messages.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include validating and rejecting oversized authentication responses at the AMF before forwarding them to AUSF.

Ensure that the AUSF component validates the length of the `res*` parameter and discards any message exceeding the specification, responding with an appropriate failure message instead of processing it.

Monitor AUSF for crashes and apply any available patches or updates that address this buffer overflow vulnerability.

• Configure AMF to reject malformed or oversized authentication responses proactively.
• Restart AUSF services if crashes occur and investigate logs to confirm the cause.

Useful 0 Not Useful 0