Last Modified: Jun 19, 2026
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3, 17.1.3.1, 17.1.3.2, 17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3, 17.5.1.4, 17.5.1.5, 17.5.1.6, 21.0.0, 21.0.0.1
Opened: Jun 03, 2026 Severity: 3-Major
When debug logging is enabled for the key management daemon, memory usage for the keymgmtd process grows continuously while client certificate authentication with dynamic CRL validation is active. Memory does not recover while the system is running
The key management process memory grows proportionally to the connection rate while debug logging is active. Under sustained traffic, this can degrade system performance
device config only, no code: - A Client SSL profile is configured with a client certificate authentication (peer-cert-mode require) and a dynamic CRL cert-validator with strict-revocation-check enabled, assigned to a virtual server - The log level for keymgmtd is set to debug: tmsh modify sys db log.keymgmtd.level value debug - Client certificate traffic is active through the virtual server
- Set the keymgmtd log level back to the default: tmsh modify sys db log.keymgmtd.level value info - This stops memory growth without requiring a restart
None