
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2024-55553 affects FRRouting (FRR) from version 6.0 onward, in versions before 10.3. The vulnerability involves route re-validation when the total size of an update received via RTR exceeds the internal socket's buffer size (default 4K on most operating systems). The issue was discovered in early 2025; fixed versions include 10.0.3, 10.1.2, 10.2.1, and versions 10.3 and above (NVD).
The vulnerability occurs because all routes are re-validated whenever the total size of an update received via RTR exceeds the internal socket's buffer size. This can be triggered when more than the default buffer size (4K) of updates arrives during an update interval, which typically occurs every 30 minutes. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and is classified under CWE-404 (Improper Resource Shutdown or Release) (NVD).
The vulnerability can lead to significant performance degradation in FRR instances using RPKI globally. For routers with large full tables, the re-validation process may take more than 30 minutes to complete. Additionally, the continuous re-validation triggers heightened BMP traffic to ingestors, potentially affecting network performance (Debian LTS).
The vulnerability has been fixed in FRR versions 10.0.3, 10.1.2, 10.2.1, and versions 10.3 and above. Various Linux distributions have also released security updates, including Debian 11 (Bullseye), which fixed the issue in version 7.5.1-1.1+deb11u4 (Debian LTS).
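The version ranges above can be turned into a quick triage check for an inventory of routers. The following is an added example, not code from this page or from the FRR project; the function names and the sample version strings are assumptions made for illustration.

```python
import re

# Fixed patch release per maintained branch, as listed in the advisory text.
FIXED_IN_BRANCH = {(10, 0): 3, (10, 1): 2, (10, 2): 1}
FIRST_AFFECTED = (6, 0)   # affected from version 6.0 onward
FIRST_FIXED = (10, 3)     # 10.3 and above carry the fix


def parse_upstream(version: str) -> tuple:
    """Pull major.minor[.patch] out of a bare or decorated version string."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"no version number in {version!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(version: str) -> str:
    """Classify an FRR version against the CVE-2024-55553 ranges."""
    major, minor, patch = parse_upstream(version)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not-affected"
    if branch >= FIRST_FIXED:
        return "fixed"
    if branch in FIXED_IN_BRANCH:
        return "fixed" if patch >= FIXED_IN_BRANCH[branch] else "affected"
    # 6.0 through 9.x: no upstream fixed release is named in the advisory,
    # but a distribution package may carry a backport (for example Debian 11
    # at 7.5.1-1.1+deb11u4), so the package revision must be checked as well.
    return "affected-unless-backported"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    samples = [
        "FRRouting 10.1.1 (rtr1) on Linux",
        "10.2.1",
        "7.5.1-1.1+deb11u4",
        "5.0.1",
    ]
    for s in samples:
        print(f"{s:40} {classify(s)}")
```

A result of `affected-unless-backported` means the upstream version alone cannot settle the question; compare the installed package revision against the distribution's security advisory.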
Source: This report was generated using AI