CVE-2024-9135

Summary

On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.

Affected Software

VendorProductVersion RangeStatus
Arista NetworksEOS4.33.0affected
Arista NetworksEOS4.31.0 <= 4.31.5affected
Arista NetworksEOS4.30.0 <= 4.30.8.1affected
Arista NetworksEOS4.29.0 <= 4.29.9.1affected
Arista NetworksEOS4.28.0affected
Arista NetworksEOS4.27.0 <= 4.27.1affected

Weaknesses

  • CWE-401: CWE-401 Missing Release of Memory after Effective Lifetime

Workarounds

The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.

  1. Enter "bash" shell under EOS prompt
  2. sudo sh -c 'echo "BgpLsConsumerDps=0" > /mnt/flash/toggle_override; echo "BgpLsProducerDps=0" >> /mnt/flash/toggle_override'
  3. Reload the switch or router

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References