CVE-2026-44474
LOW3.7EPSS 0.02%Ella Core has handover failures during concurrent Security Mode Command
發布日:2026/5/11修改日:2026/5/11
描述
## Summary Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa). ## Impact Concurrent Security Mode Command and N2 handover produce a KgNB mismatch between the UE and target gNB, causing the handover to fail. Requires a stalled gNB + re-registration race to trigger. ## Fix Ella Core now enforces both rules from §6.9.5.1, blocking concurrent Security Mode Command and N2 handover procedures.
受影響套件(1)
- Go/github.com/ellanetworks/corefrom 0, < 1.10.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.7 | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L |