CVE-2024-6437 Information

Description

On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR) BGP Flowspec or interface traffic policy – certain IP traffic such as IPv4 packets with IP options may bypass the feature’s set nexthop action and be slow-path forwarded (FIB routed) by the kernel as the packets are trapped to the CPU instead of following the redirect action’s destination.

Reference

https://www.arista.com/en/support/advisories-notices/security-advisory/20689-security-advisory-0108