CVE-2022-22174: Memory Leak Vulnerability in Juniper Networks Junos OS on QFX500 Series and EX460 Switches

A critical vulnerability in the processing of inbound IPv6 packets has been identified in Juniper Networks Junos OS on QFX500 Series and EX460 switches. This vulnerability, tracked as CVE-2022-22174, can result in a memory leak and lead to a Denial of Service (DoS) condition. When this occurs, further packet processing may be impacted, leading to a sustained DoS state.

The memory leak issue arises when memory is not freed during the processing of inbound IPv6 packets. This can be observed in the error logs using the "show heap" command:

Jan 12 12:00:00 device-name fpc (buf alloc) failed allocating packet buffer
Jan 12 12:00:01 device-name fpc (buf alloc) failed allocating packet buffer

user@device-name> request pfe execute target fpc timeout 30 command "show heap"

ID   Base       Total(b)     Free(b)      Used(b)      %   Name
    246fc1a8   536870488    353653752   183216736    34  Kernel
1    91800000   16777216     12069680    4707536      28  DMA
2    92800000   75497472     69997640    5499832      7   PKT DMA DESC
3    106fc000   335544320    221425960   114118360    34  Bcm_sdk
4    97000000   176160768    200         176160568    99  Packet DMA <<<<<<<<<<<<<<
5    903fffe   20971504     20971504                  Blob

Devices may eventually run out of memory if subjected to continuous receipt of such packets.

Juniper Networks Junos OS on QFX500 Series, EX460 devices are affected by this issue if running on the following versions: 18.3R3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2.

This issue does not affect devices running on Juniper Networks Junos OS with the following versions: any versions prior to 17.4R3; 18.1 versions prior to 18.1R3-S6; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.

To address this vulnerability, users should consult the original security advisory from Juniper Networks and apply the recommended updates. It is crucial to ensure that your devices are running on the latest, secure versions of Junos OS to protect against any potential exploits of this memory leak vulnerability.

Timeline

Published on: 01/19/2022 01:15:00 UTC
Last modified on: 02/01/2022 20:33:00 UTC