Uncovering Security Weaknesses in srsRAN with CodeQL: A Static Analysis Approach for Next-Gen RAN Systems
摘要
As open-source solutions are increasingly deployed in 5G Radio Access Networks (RANs), the importance of reliable security analysis for these systems is growing - especially for popular frameworks like srsRAN. Due to the complex and performance-critical nature of RAN software, latent vulnerabilities can have serious consequences for user privacy and network integrity. In this work, we present a detailed static analysis of the srsRAN codebase using CodeQL, a semantic code query language designed to scale vulnerability detection across large codebases. By formulating and executing custom CodeQL queries, our analysis detects a variety of systemic problems in srsRAN, such as memory management errors (e.g., memory leaks, use-after-free, null pointer dereferences), dangerous system calls, inadequate access control enforcement, unchecked return values, buffer overflows, and unvalidated network inputs. Other issues uncovered include hardcoded secrets, use of cryptographically weak pseudorandom number generation, and unsafe cryptographic comparisons - flaws that could potentially lead to privilege escalation, remote code execution, or denial-of-service attacks. The results highlight the importance of static code analysis tools like CodeQL for proactively hardening telecommunications infrastructure, and encourage the adoption of code analysis techniques in the secure software development lifecycle of open-source 5G RAN implementations.