CVE-2022-22209 — Missing Release of Memory after Effective Lifetime in Networks Junos OS

CWE-401 — Missing Release of Memory after Effective Lifetime5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 19.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJul 20

Latest updateFeb 26

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and PFEs getting out of sync. The memory leak causes RTNEXTHOP/route and next-hop memory pressure issue and the KRT queue will eventually get stuck wi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os21.2 — 21.2R3+2

▶NVDjuniper/junos21.2, 21.3, 21.4+2

🔴Vulnerability Details

GHSA

GHSA-2jpc-grxp-p4w8: A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based↗2022-07-21

▶

CVEList

Junos OS: RIB and PFEs can get out of sync due to a memory leak caused by interface flaps or route churn↗2022-07-20

▶

📋Vendor Advisories

Red Hat

kernel: macsec: fix UAF bug for real_dev↗2025-02-26

▶

Juniper

CVE-2022-22209: A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based↗2022-07-20

▶