Bug ID 1038117: TMM SIGSEGV with BDoS attack signature

Last Modified: Dec 20, 2023

Affected Product(s):
BIG-IP AFM, TMOS(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2

Fixed In:
17.1.0, 15.1.4

Opened: Aug 02, 2021

Severity: 4-Minor

Symptoms

TMM core dumped with segmentation fault showing the below stack. Sometimes the crash stack might be different possibly due to memory corruption caused by the stale BDoS entries in sPVA temp table. #0 0x00007fbb0f05fa01 in __pthread_kill (threadid=?, signo=signo@entry=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61 #1 0x0000000001587e86 in signal_handler (signum=11, info=0x400a254018f0, ctx=0x400a254017c0) at ../kern/sys.c:3837 #2 <signal handler called> #3 __strcmp_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:164 #4 0x000000000156319b in spva_search_temp_table (p_arg=<synthetic pointer>, spva=0x400a25401e70) at ../base/tmm_spva.c:1827 #5 spva_dyentries_ack_nack_response (status=SPVA_STATUS_SUCCESS, spva=0x400a25401e70) at ../base/tmm_spva.c:1872 #6 spva_read (status=SPVA_STATUS_SUCCESS, spva=...) at ../base/tmm_spva.c:1560

Impact

Traffic disrupted while tmm restarts.

Conditions

BDoS enabled. The Dynamic BDoS signature created, attack detected, and signature is offloaded to hardware.

Workaround

Disable BDoS.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips