Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP All
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4
Fixed In:
12.1.0
Opened: Jan 26, 2016 Severity: 3-Major
During IPsec configuration changes, an IKEv2 message may fail to be sent to the peer, and the packet memory could be release twice that causes segmentation fault crash in TMM.
Traffic disrupted while tmm restarts.
IPsec configuration changes, and IKEv2 tries to send message to the disconnected remote peer.
The situation is rare, and mostly caused by rapid IPsec configuration changes to traffic-selectors or ipsec-policies. Pacing the configuration changes apart in time will help avoid the situation.
The double-release of the packet memory for the IKEv2 message has been fixed so that the rare sequence of IPsec configuration change does not cause TMM core.