CVE-2021-0242

Summary

A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or dot1x configured are not vulnerable to this issue. When this issue occurs, DMA buffer usage keeps increasing and the following error log messages may be observed: Apr 14 14:29:34.360 /kernel: pid 64476 (pfex_junos), uid 0: exited on signal 11 (core dumped) Apr 14 14:29:33.790 init: pfe-manager (PID 64476) terminated by signal number 11. Core dumped! The DMA buffers on the FPC can be monitored by the executing vty command 'show heap': ID Base Total(b) Free(b) Used(b) % Name – ———- ———– ———– ———– — ———– 0 4a46000 268435456 238230496 30204960 11 Kernel 1 18a46000 67108864 17618536 49490328 73 Bcm_sdk 2 23737000 117440512 18414552 99025960 84 DMA buf <<<<< keeps increasing 3 2a737000 16777216 16777216 0 0 DMA desc This issue affects Juniper Networks Junos OS on the EX4300: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS17.3 < 17.3R3-S11affected
Juniper NetworksJunos OS17.4 < 17.4R2-S13, 17.4R3-S4affected
Juniper NetworksJunos OS18.1 < 18.1R3-S12affected
Juniper NetworksJunos OS18.2 < 18.2R2-S8, 18.2R3-S7affected
Juniper NetworksJunos OS18.3 < 18.3R3-S4affected
Juniper NetworksJunos OS18.4 < 18.4R1-S8, 18.4R2-S7, 18.4R3-S7affected
Juniper NetworksJunos OS19.1 < 19.1R1-S6, 19.1R2-S2, 19.1R3-S4affected
Juniper NetworksJunos OS19.2 < 19.2R1-S6, 19.2R3-S2affected
Juniper NetworksJunos OS19.3 < 19.3R3-S2affected
Juniper NetworksJunos OS19.4 < 19.4R2-S3, 19.4R3-S1affected
Juniper NetworksJunos OS20.1 < 20.1R2affected
Juniper NetworksJunos OS20.2 < 20.2R2-S1, 20.2R3affected
Juniper NetworksJunos OS20.3 < 20.3R1-S1, 20.3R2affected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-241: CWE-241 Improper Handling of Unexpected Data Type
  • Denial of Service (DoS)

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References