When processing TLS traffic with hardware cryptographic acceleration enabled on platforms with Intel QAT hardware, the Traffic Management Microkernel (TMM) may stop responding and cause a failover event. (CVE-2020-5872)
Impact
Hardware cryptographic acceleration fails and TMM may stop responding, which causes a failover event if the BIG-IP system is configured as part of a device group. This vulnerability applies to the following platforms:
Note: BIG-IP VE cryptographic and compression offload is a licensed feature available only on the KVM hypervisor. If you have licensed this feature, that is, a BIG-IP VE using the affected Intel QAT hardware (Lewisburg and Lewis Hill QAT devices) with an affected Intel QAT SR-IOV VF driver included in the BIG-IP VE version, then the Intel QAT PF driver (Lewisburg and Lewis Hill QAT devices) installed on the host is vulnerable. Under this specific KVM scenario, a BIG-IP VE is vulnerable.