On Juniper Networks SRX Series devices with link aggregation (lag) configured, executing any operation that fetches Aggregated Ethernet (AE) interface statistics, including but not limited to SNMP GET requests, causes a slow kernel memory leak. If all the available memory is consumed, the traffic will be impacted and a reboot might be required. The following log can be seen if this issue happens. /kernel: rt_pfe_veto: Memory over consumed. Op 1 err 12, rtsm_id 0:-1, msg type 72 /kernel: rt_pfe_veto: free kmem_map memory = (20770816) curproc = kmd An administrator can use the following CLI command to monitor the status of memory consumption (ifstat bucket): user@device > show system virtual-memory no-forwarding | match ifstat Type InUse MemUse HighUse Limit Requests Limit Limit Size(s) ifstat 2588977 162708K - 19633958 <<<< user@device > show system virtual-memory no-forwarding | match ifstat Type InUse MemUse HighUse Limit Requests Limit Limit Size(s) ifstat 3021629 189749K - 22914415 <<<< This issue affects Juniper Networks Junos OS on SRX Series: 17.1 versions 17.1R3 and above before 17.3R3-S11; 17.4 versions before 17.4R3-S5; 18.2 versions before 18.2R3-S7, 18.2R3-S8; 18.3 versions before 18.3R3-S4; 18.4 versions before 18.4R2-S7, 18.4R3-S6; 19.1 versions before 19.1R3-S4; 19.2 versions before 19.2R1-S6; 19.3 versions before 19.3R3-S1; 19.4 versions before 19.4R3-S1; 20.1 versions before 20.1R2, 20.1R3; 20.2 versions before 20.2R2-S2, 20.2R3; 20.3 versions before 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS before 17.1R3.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
juniper junos 17.1 |
||
juniper junos 17.2 |
||
juniper junos 17.3 |
||
juniper junos 17.4 |
||
juniper junos 18.2 |
||
juniper junos 18.3 |
||
juniper junos 18.4 |
||
juniper junos 19.1 |
||
juniper junos 19.2 |
||
juniper junos 19.3 |
||
juniper junos 19.4 |
||
juniper junos 20.1 |
||
juniper junos 20.2 |
||
juniper junos 20.3 |
Vulmon