First published: Fri Jan 10 2025(Updated: )
On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options may bypass the feature's set nexthop action and be slow-path forwarded (FIB routed) by the kernel as the packets are trapped to the CPU instead of following the redirect action's destination.
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista EOS |
The recommended resolution is to upgrade to a remediated software version that contains the ip software forwarding options action drop CLI command, and configure the command at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades CVE-2024-6437 has been fixed in the following releases: * 4.32.2F and later releases in the 4.32.x train * 4.31.5M and later releases in the 4.31.x train * 4.30.8M and later releases in the 4.30.x train * 4.29.10M and later releases in the 4.29.x train
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.