CVE-2023-28984

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 19.4R3-S10 on QFX Series Juniper Networks Junos OS 20.2 versions prior to 20.2R3-S7 on QFX Series Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S6 on QFX Series Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S5 on QFX Series Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4 on QFX Series Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S3 on QFX Series Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S3 on QFX Series Juniper Networks Junos OS 21.4 versions prior to 21.4R3 on QFX Series Juniper Networks Junos OS 22.1 versions prior to 22.1R3 on QFX Series Juniper Networks Junos OS 22.2 versions prior to 22.2R2 on QFX Series

Description A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attacker's direct control.

Recommendations For Juniper Networks Junos OS versions prior to 19.4R3-S10 on QFX Series, update to version 19.4R3-S10 or later. For Juniper Networks Junos OS 20.2 versions prior to 20.2R3-S7 on QFX Series, update to version 20.2R3-S7 or later. For Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S6 on QFX Series, update to version 20.3R3-S6 or later. For Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S5 on QFX Series, update to version 20.4R3-S5 or later. For Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4 on QFX Series, update to version 21.1R3-S4 or later. For Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S3 on QFX Series, update to version 21.2R3-S3 or later. For Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S3 on QFX Series, update to version 21.3R3-S3 or later. For Juniper Networks Junos OS 21.4 versions prior to 21.4R3 on QFX Series, update to version 21.4R3 or later. For Juniper Networks Junos OS 22.1 versions prior to 22.1R3 on QFX Series, update to version 22.1R3 or later. For Juniper Networks Junos OS 22.2 versions prior to 22.2R2 on QFX Series, update to version 22.2R2 or later.