K26455071 : BIG-IP HSB vulnerability CVE-2019-6604

Security Advisory Description

Under certain conditions, hardware systems with a High-Speed Bridge (HSB) using non-default Layer 2 forwarding configurations may experience a lockup of the HSB. (CVE-2019-6604)

This vulnerability occurs when all of the following conditions are met:

• A VLAN group is configured.
• The vlangroup.flow.allocate database key is disabled.

Note: This is not the default configuration.

• You are running the BIG-IP system or BIG-IP Virtual Clustered Multiprocessing (vCMP) guests on one of the following hardware platforms:
  • BIG-IP i850 (C117)
  • BIG-IP i2x00 (C117)
  • BIG-IP 3900 (C106)
  • BIG-IP i4x00 (C115)
  • BIG-IP 5000 (C109)
  • BIG-IP i5x00 (C119)
  • BIG-IP i5820-DF (C125)
  • BIG-IP 6900 (D104)
  • BIG-IP 7000 (D110)
  • BIG-IP 8900 (D106)
  • BIG-IP i7x00 (C118)
  • BIG-IP i7820-DF (C126)
  • BIG-IP 8950 (D107)
  • BIG-IP 10000/102x0/ (D113)
  • BIG-IP 10350 (D112)
  • BIG-IP i10x00 (C116)
  • BIG-IP 11000 (E101)
  • BIG-IP 11050 (E102)
  • BIG-IP i11x00 (C123)
  • BIG-IP i11800-DS (C124)
  • BIG-IP 12250 (D111)
  • BIG-IP i15x00 (D116)
  • VIPRION 2400 (B2100, B2150, B2250)
  • VIPRION (B4100, B4200, B4300, B4340, B4450)

Note: BIG-IP Virtual Edition (VE) and Cloud Edition products are not affected.

Impact

The BIG-IP system stops processing traffic, eventually leading to a failover to another host in the high availability (HA) group.