LOW 3.7

GHSA-mc29-hmx6-856q

Ella Core has handover failures during concurrent Security Mode Command

상세

## Summary

Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa).

## Impact

Concurrent Security Mode Command and N2 handover produce a KgNB mismatch between the UE and target gNB, causing the handover to fail. Requires a stalled gNB + re-registration race to trigger.

## Fix

Ella Core now enforces both rules from §6.9.5.1, blocking concurrent Security Mode Command and N2 handover procedures.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Go / github.com/ellanetworks/core

최초 영향 버전: 0 수정 버전: 1.10.0

수정 go get github.com/ellanetworks/core@v1.10.0

참고

https://github.com/ellanetworks/core/security/advisories/GHSA-mc29-hmx6-856q [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2026-44474 [ADVISORY]
https://github.com/ellanetworks/core [PACKAGE]