CVE-2022-22209 Information

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and PFEs getting out of sync. The memory leak causes RTNEXTHOP/route and next-hop memory pressure issue and the KRT queue will eventually get stuck with the error- ‘ENOMEM – Cannot allocate memory’. The out-of-sync state between RIB and FIB can be seen with the \show route\ and \show route forwarding-table\ command. This issue will lead to failures for adding new routes. The KRT queue status can be checked using the CLI command \show krt queue\

Reference

https://kb.juniper.net/JSA69713