When processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may cause the Traffic Management Microkernel (TMM) to restart. (CVE-2020-27720)
PBA mode provides the ability to log only the allocation and release of port blocks for a subscriber, instead of separately logging each network address translation (NAT) session as a separate translation event, as with network address and port translation (NAPT), thus reducing the number of log entries while maintaining legal mapping and reverse mapping requirements.
The SP-DAG uses a hash of source IP address (from client) and destination IP address (from server).
Impact
Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, the system triggers a failover to the peer device.