U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2021-0230

Change History

CVE Modified by Juniper Networks, Inc. 5/24/2021 8:15:07 AM

Action Type Old Value New Value
Changed Description 
On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required.

The following log can be seen if this issue happens.
  /kernel: rt_pfe_veto: Memory over consumed. Op 1 err 12, rtsm_id 0:-1, msg type 72
  /kernel: rt_pfe_veto: free kmem_map memory = (20770816) curproc = kmd

An administrator can use the following CLI command to monitor the status of memory consumption (ifstat bucket):

  user@device > show system virtual-memory no-forwarding | match ifstat
          Type        InUse   MemUse  HighUse    Limit Requests Limit Limit Size(s)
        ifstat       2588977 162708K                    -   19633958   <<<<
   
  user@device > show system virtual-memory no-forwarding | match ifstat
          Type        InUse   MemUse  HighUse    Limit Requests Limit Limit Size(s)
       ifstat      3021629  189749K                     -   22914415   <<<<


This issue affects Juniper Networks Junos OS on SRX Series:
17.1 versions 17.1R3 and above prior to 17.3R3-S11; 
17.4 versions prior to 17.4R3-S5;
18.2 versions prior to 18.2R3-S7, 18.2R3-S8;
18.3 versions prior to 18.3R3-S4;
18.4 versions prior to 18.4R2-S7, 18.4R3-S6;
19.1 versions prior to 19.1R3-S4;
19.2 versions prior to 19.2R1-S6;
19.3 versions prior to 19.3R3-S1;
19.4 versions prior to 19.4R3-S1;
20.1 versions prior to 20.1R2, 20.1R3;
20.2 versions prior to 20.2R2-S2, 20.2R3;
20.3 versions prior to 20.3R1-S2, 20.3R2.

This issue does not affect Juniper Networks Junos OS prior to 17.1R3.

On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required. The following log can be seen if this issue happens. /kernel: rt_pfe_veto: Memory over consumed. Op 1 err 12, rtsm_id 0:-1, msg type 72 /kernel: rt_pfe_veto: free kmem_map memory = (20770816) curproc = kmd An administrator can use the following CLI command to monitor the status of memory consumption (ifstat bucket): user@device > show system virtual-memory no-forwarding | match ifstat Type InUse MemUse HighUse Limit Requests Limit Limit Size(s) ifstat 2588977 162708K - 19633958 <<<< user@device > show system virtual-memory no-forwarding | match ifstat Type InUse MemUse HighUse Limit Requests Limit Limit Size(s) ifstat 3021629 189749K - 22914415 <<<< This issue affects Juniper Networks Junos OS on SRX Series: 17.1 versions 17.1R3 and above prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.2 versions prior to 18.2R3-S7, 18.2R3-S8; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS prior to 17.1R3.