Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3
Fixed In:
14.0.0, 13.1.0.4, 13.0.1, 12.1.3.3, 11.6.3.1, 11.5.6
Opened: Feb 20, 2018 Severity: 1-Blocking
Mitigations might CVE-2017-5754 Meltdown/PTI (Page Table Isolation) can negatively impact performance. Please see https://support.f5.com/csp/article/K91229003 for additional Spectre and Meltdown information.
Meltdown/PTI mitigations may negatively impact performance.
Mitigations for CVE-2017-5754 Meltdown/PTI (Page Table Isolation) enabled.
Disable CVE-2017-5754 Meltdown/PTI mitigations. To turn off mitigations for CVE-2017-5754 Meltdown/PTI, run the following command: tmsh modify sys db kernel.pti value disable Note: Turning off these mitigations renders the system vulnerable to CVE-2017-5754 Meltdown; but in order to take advantage of this vulnerability, they must already possess the ability to run arbitrary code on the system. Good access controls and keeping your system up-to-date with regards to security fixes will mitigate this risk on non-VCMP systems. vCMP systems with multiple tenants should leave these mitigations enabled. Please see https://support.f5.com/csp/article/K91229003 for additional Spectre and Meltdown information.
On releases that provide mitigations for CVE-2017-5754 Meltdown/PTI, the protection is enabled by default, but can be controlled using db variables. Please see https://support.f5.com/csp/article/K91229003 for additional Spectre and Meltdown information.