CVE-2024-9135

On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.

Description

Remediation

Workaround:

The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only. 1. Enter "bash" shell under EOS prompt 2. sudo sh -c 'echo "BgpLsConsumerDps=0" > /mnt/flash/toggle_override; echo "BgpLsProducerDps=0" >> /mnt/flash/toggle_override' 3. Reload the switch or router

References

Link	Tags
https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110

Frequently Asked Questions

What is the severity of CVE-2024-9135?: CVE-2024-9135 has been scored as a medium severity vulnerability.
How to fix CVE-2024-9135?: As a workaround for remediating CVE-2024-9135: The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only. 1. Enter "bash" shell under EOS prompt 2. sudo sh -c 'echo "BgpLsConsumerDps=0" > /mnt/flash/toggle_override; echo "BgpLsProducerDps=0" >> /mnt/flash/toggle_override' 3. Reload the switch or router
Is CVE-2024-9135 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-9135 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-9135?: CVE-2024-9135 affects Arista Networks EOS.

Description

Remediation

Category

CWE-401 – Missing Release of Memory after Effective Lifetime

References

Frequently Asked Questions