Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2
Fixed In:
16.1.0
Opened: Jul 23, 2020
Severity: 2-Critical
TMM restarts because the SOD watchdog thinks that TMM is stuck in an infinite loop, while it is just busy processing a large number of hyperscan matches.
Traffic disrupted while tmm restarts.
Certain IPS snort rules are weak (like NULL bytes), and on certain types of network traffic they can produce a large number of hyperscan matches, which may lead to a SIGABRT from the SOD watchdog daemon.
Enable the following system compliance checks in the IPS profile with action DROP/REJECT:
max_inspection_count -> Change action "DROP"
max_signature_engine_memory_chunk_size -> Change action "DROP"
max_signature_engine_memory_size -> Change action "DROP"
max_signature_hs_match_count -> Change action "DROP"
This will ensure that IPS does not consume more than the allowed system resources and will prevent a crash.
Fixed a TMM crash related to IPS.