CVE-2026-37232

HIGH EPSS 31.2%
Published Jun 1, 20264w ago · Modified Jun 17, 20261w ago
8.6 CVSS 3.1
High
Find Similar
Published Jun 1, 2026 4w ago
Last Modified Jun 17, 2026 1w ago

Description

An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in openair2/E2AP/RAN_FUNCTION/O-RAN/ran_func_kpm_subs.c (lines 182 and 197) compute PRB usage percentages by dividing by the difference of two consecutive total_prb_aggregate samples without checking for zero. When a malicious xApp sends a high volume of E42_RIC_SUBSCRIPTION_REQUESTs via the FlexRIC iApp (port 36422/SCTP), the E2 Agent generates KPM Indication reports at high frequency. If two consecutive sampling intervals yield identical PRB aggregate values, the divisor becomes zero, triggering SIGFPE and crashing the entire 5G base station process (nr-softmodem). This results in complete 5G cell service interruption for all connected UEs. No authentication is required.

CVSS Details

Base Score
8.6
Exploitability
3.9
Impact
4.0
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Changed
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
31.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-369

Affected Products 1

VendorProductVersionRange
openairinterfaceopenairinterface5g2.4.0any

References 2

  • github.com https://github.com/MinamiKotor1/oran-security-advisories-zhongnan-luo/blob/main/advisories/CVE-2026-37232.md
    MitigationThird Party Advisory
  • gitlab.eurecom.fr https://gitlab.eurecom.fr/oai/openairinterface5g
    Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.