CVE-2022-22209
CVSS V2 None
CVSS V3 High 7.5
Description
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS).

On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn, leading to the RIB and PFEs getting out of sync. The memory leak causes an RTNEXTHOP/route and next-hop memory pressure issue, and the KRT queue will eventually get stuck with the error 'ENOMEM -- Cannot allocate memory'. The out-of-sync state between RIB and FIB can be seen with the "show route" and "show route forwarding-table" commands. This issue will lead to failures when adding new routes.

The KRT queue status can be checked using the CLI command "show krt queue":

    user@host > show krt state
    High-priority add queue: 1 queued
    ADD nhtype Router index 0 (31212)
    error 'ENOMEM -- Cannot allocate memory' kqp '0x8ad5e40'

The following messages will be observed in /var/log/messages, which indicate high memory for routes/nexthops:

    host rpd[16279]: RPD_RT_HWM_NOTICE: New RIB highwatermark for routes: 266 [2022-03-04 05:06:07]
    host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory
    host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory
    host kernel: rts_veto_net_delayed_unref_limit: Route/nexthop memory is severe pressure. User Application to perform recovery actions. O p 8 err 12, rtsm_id 0:-1, msg type 10, veto simulation: 0.
    host kernel: rts_veto_net_delayed_unref_limit: Memory usage of M_RTNEXTHOP type = (806321208) Max size possible for M_RTNEXTHOP type = (689432176) Current delayed unref = (0), Max delayed unref on this platform = (120000) Current delayed weight unref = (0) Max delayed weight unref on this platform = (400000) curproc = rpd.

This issue affects Juniper Networks Junos OS: 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2-S1, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.2R1.
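
The log messages quoted in the description can be turned into a monitoring check. The following is an added example, not part of the advisory or of any Juniper tooling: it scans syslog lines for the KRT retry and next-hop memory messages shown above. The function name `scan`, the `retry_threshold` default and the sample log (including its unrelated sshd line) are assumptions constructed for illustration.

```python
import re

# Constructed sample, modelled on the /var/log/messages excerpts in the description.
SAMPLE_LOG = """\
host rpd[16279]: RPD_RT_HWM_NOTICE: New RIB highwatermark for routes: 266 [2022-03-04 05:06:07]
host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory
host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory
host kernel: rts_veto_net_delayed_unref_limit: Route/nexthop memory is severe pressure. User Application to perform recovery actions. O p 8 err 12, rtsm_id 0:-1, msg type 10, veto simulation: 0.
host kernel: rts_veto_net_delayed_unref_limit: Memory usage of M_RTNEXTHOP type = (806321208) Max size possible for M_RTNEXTHOP type = (689432176) Current delayed unref = (0), Max delayed unref on this platform = (120000) Current delayed weight unref = (0) Max delayed weight unref on this platform = (400000) curproc = rpd.
host sshd[4242]: Accepted publickey for user from 192.0.2.10 port 50022 ssh2
"""

KRT_RETRY = re.compile(r"rpd\[\d+\]: RPD_KRT_Q_RETRIES: (.+?): Cannot allocate memory")
PRESSURE = re.compile(
    r"kernel: rts_veto_net_delayed_unref_limit: Route/nexthop memory is \w+ pressure")
NH_USAGE = re.compile(
    r"Memory usage of M_RTNEXTHOP type = \((\d+)\) "
    r"Max size possible for M_RTNEXTHOP type = \((\d+)\)")

def scan(lines, retry_threshold=2):
    """Summarise the KRT / next-hop memory indicators found in syslog lines."""
    report = {"krt_enomem_retries": 0, "pressure_events": 0,
              "nexthop_used": None, "nexthop_max": None}
    for line in lines:
        if KRT_RETRY.search(line):
            report["krt_enomem_retries"] += 1
        if PRESSURE.search(line):
            report["pressure_events"] += 1
        usage = NH_USAGE.search(line)
        if usage:  # keep the most recent usage sample
            report["nexthop_used"], report["nexthop_max"] = map(int, usage.groups())
    over = (report["nexthop_used"] is not None
            and report["nexthop_used"] > report["nexthop_max"])
    report["nexthop_over_limit"] = over
    # Alert on kernel-side evidence, or on repeated rpd retries alone.
    report["alert"] = bool(over or report["pressure_events"]
                           or report["krt_enomem_retries"] >= retry_threshold)
    return report

if __name__ == "__main__":
    for key, value in scan(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

An alert from this check is a prompt to compare "show route" against "show route forwarding-table" and to inspect the KRT queue on the device, as the description suggests.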
Overview
- CVE ID
- CVE-2022-22209
- Assigner
- sirt@juniper.net
- Vulnerability Status
- Analyzed
- Published Version
- 2022-07-20T15:15:08
- Last Modified Date
- 2022-07-29T22:06:22
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:* | 1 | OR | ||
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Attack Vector
- NETWORK
- Attack Complexity
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- NONE
- Availability Impact
- HIGH
- Base Score
- 7.5
- Base Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 3.6
References
Reference URL | Reference Tags |
---|---|
https://kb.juniper.net/JSA69713 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-22209 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22209 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-07-20 16:00:27 | Added to TrackCVE |