CVE-2026-37232

OpenAirInterface · OpenAirInterface5G (nr-softmodem)

A divide-by-zero vulnerability in the O-RAN RAN function module of OpenAirInterface5G can lead to application crashes.

Executive summary

A critical logic flaw in the OpenAirInterface5G nr-softmodem could cause service outages by triggering an unhandled divide-by-zero exception during physical resource block (PRB) usage calculations.

Vulnerability

The vulnerability exists in the fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() functions, where the software performs a division operation without validating the divisor. An unauthenticated remote attacker can trigger this condition, causing the service to crash and resulting in a denial-of-service.
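The flaw class described above, shown as an added example that is not OpenAirInterface5G source code: an unguarded usage-percentage division beside a form that validates the divisor first. The struct, field and function names are assumptions made for illustration, and the sample counters are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical counters for one reporting period; these names are
 * assumptions for illustration, not OpenAirInterface5G structures. */
typedef struct {
    uint32_t used_prbs;       /* PRBs scheduled during the period */
    uint32_t available_prbs;  /* PRBs that could have been scheduled; may be 0 */
} prb_period_t;

/* Unguarded form: integer division by zero is undefined behaviour in C and
 * on x86-64 Linux typically ends the process with SIGFPE. */
uint32_t prb_usage_pct_unchecked(const prb_period_t *p)
{
    return (uint32_t)(((uint64_t)p->used_prbs * 100u) / p->available_prbs);
}

/* Guarded form: validates the divisor, widens before multiplying so the
 * product cannot wrap, and clamps the result to 0..100.
 * Returns false when there is no valid measurement to report. */
bool prb_usage_pct_checked(const prb_period_t *p, uint32_t *pct_out)
{
    if (p == NULL || pct_out == NULL)
        return false;
    if (p->available_prbs == 0) {   /* zero check on the divisor */
        *pct_out = 0;
        return false;
    }
    uint64_t pct = ((uint64_t)p->used_prbs * 100u) / p->available_prbs;
    *pct_out = pct > 100u ? 100u : (uint32_t)pct;
    return true;
}

int main(void)
{
    /* Constructed samples: normal period, empty period, inconsistent counters. */
    const prb_period_t samples[] = { {53, 106}, {0, 0}, {200, 106} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t pct = 0;
        bool ok = prb_usage_pct_checked(&samples[i], &pct);
        printf("used=%u avail=%u -> %s pct=%u\n", (unsigned)samples[i].used_prbs,
               (unsigned)samples[i].available_prbs, ok ? "ok" : "skipped", (unsigned)pct);
    }
    return 0;
}
```

Returning a status separately from the value lets the caller omit the measurement for an empty period instead of reporting a misleading zero.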

Business impact

With a CVSS score of 8.6, this vulnerability poses a high risk to telecommunications infrastructure availability. A crash in the nr-softmodem component can disrupt 5G connectivity for connected users, leading to service degradation and potential operational losses for operators relying on this software.

Remediation

Immediate Action: Update the OpenAirInterface5G deployment to a patched version that implements proper zero-check validation in the affected functions.

Proactive Monitoring: Monitor the nr-softmodem service logs for frequent restarts or crash reports that may indicate exploitation attempts.

Compensating Controls: Deploy rate-limiting at the network edge to mitigate potential floods of traffic that might trigger the vulnerable calculation routines.

Exploitation status

Public Exploit Available: False

Analyst recommendation

Organizations utilizing OpenAirInterface5G for 5G research or deployment should prioritize patching the nr-softmodem component. Ensuring the stability of these core functions is essential to maintaining network uptime and preventing unauthorized service interruption.