Mar 12, 2026
A zero-length bitstring in the UE Security Capabilities of a PathSwitchRequest causes an index-out-of-range panic in Ella Core's AMF. This allows an attacker with network access to the SCTP interface to crash the AMF process, resulting in a denial-of-service condition for the 5G network.
Ella Core versions prior to 1.5.1 contain a denial-of-service vulnerability in the Access and Mobility Management Function (AMF). Processing a malformed PathSwitchRequest NGAP message triggers an out-of-bounds read, causing a runtime panic and complete process termination.
Ella Core operates as a 5G core network implementation designed for private enterprise deployments. The Access and Mobility Management Function (AMF) serves as the primary control plane node responsible for handling connection and mobility management tasks. It processes Non-Access Stratum (NAS) signaling and communicates with the Radio Access Network (RAN) via the NG Application Protocol (NGAP) over SCTP.
The AMF exposes a network attack surface through its NGAP message processing interface. When a User Equipment (UE) moves between radio cells during an Xn-based handover, the RAN sends a PathSwitchRequest message (Procedure Code 30) to the AMF to update the downlink routing path. This message contains a UE Security Capabilities Information Element (IE) detailing the cryptographic algorithms supported by the mobile device.
CVE-2026-32320 is an out-of-bounds read vulnerability (CWE-125) located in the AMF's NGAP message handler. Processing a PathSwitchRequest containing zero-length bitstrings for New Radio (NR) encryption or integrity protection algorithms triggers a runtime panic. This panic crashes the AMF process entirely, resulting in a denial-of-service condition that drops all active subscriber management sessions.
The vulnerability stems from an improper assumption regarding the minimum length of parsed Information Elements during NGAP decoding. In the 3GPP TS 38.413 specification, the NRencryptionAlgorithms and NRintegrityProtectionAlgorithms are defined as ASN.1 BIT STRING types with a minimum size of 16 bits. The Go-based AMF implementation maps the UE Security Capabilities IE into a data structure where these algorithm bitstrings are represented as variable-length byte slices.
During the processing of the PathSwitchRequest, the AMF evaluates the supported encryption and integrity protection algorithms to establish the security context. The application logic directly accesses the first element of the byte slice (Bytes[0]) to apply a bitwise mask (& 0x80) and shift operation (>> 7). This specific operation extracts the most significant bit, which corresponds to the support status of the EA1_128_5G (128-bit SNOW 3G) algorithm.
The implementation fails to verify the length of the slice before performing the index operation. If the ASN.1 decoder processes a malformed NGAP message where the bitstring length is intentionally set to zero, the resulting underlying byte slice is empty. The application logic assumes the slice corresponds to the 3GPP minimum size of 2 bytes.
In Go, accessing an index outside the bounds of a slice produces an immediate, unrecoverable runtime panic. Because this operation occurs within the main message handling routine without specific panic recovery wrapping on the goroutine, the execution fault terminates the entire AMF process. The lack of input validation directly transforms a malformed data packet into a critical availability failure.
The flaw exists in internal/amf/ngap/handle_path_switch_request.go. The vulnerable implementation retrieves the uESecurityCapabilities structure and immediately attempts to index into the NRencryptionAlgorithms byte slice without prior validation.
```go
// VULNERABLE CODE (Prior to 1.5.1)
if uESecurityCapabilities != nil {
	// Direct indexing into Bytes[0] without checking slice length
	amfUe.UESecurityCapability.SetEA1_128_5G((uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] & 0x80) >> 7)
	// ...
}
```

The patch introduced in commit 1e404ee1c9b6adadec934fc4c8638a506fc713b2 resolves this issue by implementing strict bounds checking. The AMF now validates the length of both the encryption and integrity protection bitstrings before attempting to read their contents.
```go
// PATCHED CODE (Version 1.5.1)
if uESecurityCapabilities != nil {
	if len(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes) == 0 ||
		len(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes) == 0 {
		ranUe.Log.Error("UE security capabilities have empty NR algorithm bitstrings")
		return
	}
	amfUe.UESecurityCapability.SetEA1_128_5G((uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] & 0x80) >> 7)
	// ...
}
```

The explicit length check ensures that malformed messages with zero-length bitstrings are logged as errors and the handler function returns early. This prevents the application from reaching the unsafe indexing operation, neutralizing the panic condition.
Exploiting CVE-2026-32320 requires the ability to transmit crafted NGAP messages to the AMF. The attacker must possess network routing access to the AMF's N2 control plane interface, which typically resides on an isolated internal network segment and listens on SCTP port 38412.
The CVSS vector specifies Low Privileges Required (PR:L), but the vendor advisory notes that no user-level authentication is strictly required for the NGAP message itself. An attacker operating a compromised RAN node, or an attacker who has gained access to the management VLAN and can spoof a gNodeB, can construct and transmit the malicious PathSwitchRequest directly to the AMF.
The attack sequence relies on establishing an SCTP association and sending a single malformed packet. The attacker sets the NRencryptionAlgorithms or NRintegrityProtectionAlgorithms length fields to zero within the ASN.1 encoded NGAP payload. Upon parsing the packet, the AMF crashes immediately.
The primary impact of CVE-2026-32320 is a high-severity availability disruption. The AMF is a central component of the 5G Service Based Architecture (SBA). When the AMF process terminates, the core network loses its ability to manage subscriber connections, authentication, and mobility across the entire service area.
Existing connected data sessions may continue momentarily if the User Plane Function (UPF) and Session Management Function (SMF) remain operational. However, any handover events, new attachment requests, or location updates fail immediately upon AMF termination. When the AMF process supervisor (such as systemd or a Kubernetes controller) restarts the node, it triggers a signaling storm as all User Equipment attempts to re-attach simultaneously.
Continuous transmission of the malformed PathSwitchRequest by an attacker creates a persistent denial-of-service condition, preventing the network from stabilizing. The recovery process requires blocking the malicious SCTP traffic at the network level before the AMF can successfully initialize and maintain a running state.
The vulnerability does not expose sensitive memory contents to the attacker or permit remote code execution. The consequence is strictly limited to application termination via runtime panic, which aligns with the CVSS v3.1 availability impact metric of High.
The vulnerability is fully resolved in Ella Core version 1.5.1. Administrators must upgrade the AMF component to this version to eliminate the index-out-of-bounds flaw. The update modifies the NGAP parsing logic to strictly validate the length of algorithm bitstrings before accessing memory offsets.
Version 1.5.1 incorporates several proactive security hardening measures alongside the NGAP parser fix. Commit 722e79f69b1edc689693416c475da9c2b56c25bd introduces payload length validation for Non-Access Stratum (NAS) messages. Commit 1944bf0c663c53096428e93864838768c5082e88 mitigates nil-pointer dereferences in UPF rule lookups. Additionally, commit 200392fa88d2882861535b23e3ccf1f6af55de35 migrates eBPF maps from Array to Hash types to prevent resource state confusion.
Network operators unable to apply the update immediately should enforce strict network access controls on the N2 interface exposing the AMF. Restricting SCTP communication to known, trusted RAN node IP addresses reduces the likelihood of successful exploitation from unauthorized network segments.
Security operations teams should implement intrusion detection signatures to monitor for anomalous NGAP traffic. Alerting on PathSwitchRequest payloads containing UE Security Capabilities elements with zero-length bitstrings provides visibility into attempted exploitation, allowing defenders to isolate compromised RAN nodes.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

| Product | Affected Versions | Fixed Version |
|---|---|---|
| Ella Core (Ella Networks) | < 1.5.1 | 1.5.1 |

| Attribute | Detail |
|---|---|
| CWE ID | CWE-125 (Out-of-bounds Read) |
| Attack Vector | Network (SCTP / NGAP) |
| CVSS v3.1 Score | 6.5 |
| Impact | High (Denial of Service) |
| Exploit Status | Unproven / PoC |
| CISA KEV | False |

CWE-125 (Out-of-bounds Read): the software reads data past the end, or before the beginning, of the intended buffer.