{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-9135","assignerOrgId":"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7","state":"PUBLISHED","assignerShortName":"Arista","dateReserved":"2024-09-23T23:03:07.318Z","datePublished":"2025-03-04T20:12:02.025Z","dateUpdated":"2025-03-04T20:34:15.951Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"EOS","vendor":"Arista Networks","versions":[{"status":"affected","version":"4.33.0"},{"lessThanOrEqual":"4.31.5","status":"affected","version":"4.31.0","versionType":"custom"},{"lessThanOrEqual":"4.30.8.1","status":"affected","version":"4.30.0","versionType":"custom"},{"lessThanOrEqual":"4.29.9.1","status":"affected","version":"4.29.0","versionType":"custom"},{"status":"affected","version":"4.28.0"},{"lessThanOrEqual":"4.27.1","status":"affected","version":"4.27.0","versionType":"custom"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>In order to be vulnerable to CVE-2024-9135, the following condition must be met:</p><p>BGP Link State must be configured:</p><pre>switch# router bgp 65544\nswitch#  &nbsp; address-family link-state\nswitch# &nbsp; &nbsp; &nbsp; neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n&nbsp; Description  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Neighbor V AS &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MsgRcvd &nbsp; MsgSent  InQ OutQ  Up/Down State &nbsp; NlriRcd NlriAcc\n  \n&nbsp; brw363 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 192.0.2.9 4 65550 &nbsp; &nbsp; &nbsp; 194222  &nbsp; 125149  &nbsp; 0  &nbsp; 0 01:08:41 Estab &nbsp; 211948 211948\n</pre><div>&nbsp;</div><p>If BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:</p><pre>switch&gt;sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n  Description              Neighbor V AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   NlriRcd NlriAcc</pre><br>"}],"value":"In order to be vulnerable to CVE-2024-9135, the following condition must be met:\n\nBGP Link State must be configured:\n\nswitch# router bgp 65544\nswitch#    address-family link-state\nswitch#       neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n  Description              Neighbor V AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   NlriRcd NlriAcc\n  \n  brw363                   192.0.2.9 4 65550       194222    125149    0    0 01:08:41 Estab   211948 211948\n\n\n \n\nIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\n\nswitch>sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n  Description              Neighbor V AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   NlriRcd NlriAcc"}],"credits":[{"lang":"en","type":"finder","value":"Craig Dods from Meta’s Infrastructure Security team."}],"datePublic":"2025-01-21T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.</span><br>"}],"value":"On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping."}],"impacts":[{"capecId":"CAPEC-130","descriptions":[{"lang":"en","value":"CAPEC-130 Excessive Allocation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-401","description":"CWE-401 Missing Release of Memory after Effective Lifetime","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7","shortName":"Arista","dateUpdated":"2025-03-04T20:12:02.025Z"},"references":[{"url":"https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110"}],"source":{"advisory":"110","defect":["1006114"],"discovery":"UNKNOWN"},"title":"On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle.  Note this should be done on affected non AWE platforms only.</p><pre>1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c 'echo \"BgpLsConsumerDps=0\" &gt; /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" &gt;&gt; /mnt/flash/toggle_override'\n3. Reload the switch or router</pre>"}],"value":"The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle.  Note this should be done on affected non AWE platforms only.\n\n1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c 'echo \"BgpLsConsumerDps=0\" > /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" >> /mnt/flash/toggle_override'\n3. Reload the switch or router"}],"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-04T20:33:54.371098Z","id":"CVE-2024-9135","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-04T20:34:15.951Z"}}]}}