Lucene search

[email protected]CVE-2022-22209

HistoryJul 20, 2022 - 3:15 p.m.

CVE-2022-22209

2022-07-2015:15:08

CWE-401

[email protected]

web.nvd.nist.gov

cve-2022-22209

juniper networks

junos os

vulnerability

memory leak

dos

security

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

48.5%

JSON

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and PFEs getting out of sync. The memory leak causes RTNEXTHOP/route and next-hop memory pressure issue and the KRT queue will eventually get stuck with the error- ‘ENOMEM – Cannot allocate memory’. The out-of-sync state between RIB and FIB can be seen with the “show route” and “show route forwarding-table” command. This issue will lead to failures for adding new routes. The KRT queue status can be checked using the CLI command “show krt queue”: user@host > show krt state High-priority add queue: 1 queued ADD nhtype Router index 0 (31212) error ‘ENOMEM – Cannot allocate memory’ kqp ‘0x8ad5e40’ The following messages will be observed in /var/log/messages, which indicate high memory for routes/nexthops: host rpd[16279]: RPD_RT_HWM_NOTICE: New RIB highwatermark for routes: 266 [2022-03-04 05:06:07] host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host kernel: rts_veto_net_delayed_unref_limit: Route/nexthop memory is severe pressure. User Application to perform recovery actions. O p 8 err 12, rtsm_id 0:-1, msg type 10, veto simulation: 0. host kernel: rts_veto_net_delayed_unref_limit: Memory usage of M_RTNEXTHOP type = (806321208) Max size possible for M_RTNEXTHOP type = (689432176) Current delayed unref = (0), Max delayed unref on this platform = (120000) Current delayed weight unref = (0) Max delayed weight unref on this platform = (400000) curproc = rpd. This issue affects: Juniper Networks Junos OS 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2-S1, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 21.2R1.

Affected configurations

NVD

Node

juniperjunosMatch21.2-

juniperjunosMatch21.2r1

juniperjunosMatch21.2r1-s1

juniperjunosMatch21.2r1-s2

juniperjunosMatch21.2r2

juniperjunosMatch21.2r2-s1

juniperjunosMatch21.2r2-s2

juniperjunosMatch21.3-

juniperjunosMatch21.3r1

juniperjunosMatch21.3r1-s1

juniperjunosMatch21.3r1-s2

juniperjunosMatch21.3r2

juniperjunosMatch21.4-

juniperjunosMatch21.4r1

juniperjunosMatch21.4r1-s1

CPENameOperatorVersion
juniper:junosjuniper junoseq21.2
juniper:junosjuniper junoseq21.3
juniper:junosjuniper junoseq21.4

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	21.2
juniper:junos	juniper junos	eq	21.3
juniper:junos	juniper junos	eq	21.4

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.2R1",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "21.2R3",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      },
      {
        "lessThan": "21.3R2-S1, 21.3R3",
        "status": "affected",
        "version": "21.3",
        "versionType": "custom"
      },
      {
        "lessThan": "21.4R1-S2, 21.4R2",
        "status": "affected",
        "version": "21.4",
        "versionType": "custom"
      }
    ]
  }
]