K55102452: TMM vulnerability CVE-2017-6140
Security Advisory Description Undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles using AES-GCM cipher suites may cause disruption of data plane services. CVE-2017-6140 This vulnerability affects the following BIG-IP platforms: 2000s, 2200s, 4000s, 4200v,...
K42051445: BIG-IP Advanced WAF and ASM WebSocket vulnerability CVE-2021-23030
Security Advisory Description When a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. CVE-2021-23030 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote attacker to cause a denial-of-service (DoS) on the...
K46940010: TMM vulnerability CVE-2018-5513
Security Advisory Description A malformed Transport Layer Security (TLS) handshake causes the Traffic Management Microkernel (TMM) to stop responding, leading to a disruption of service. This issue is only exposed on the data plane when a Proxy SSL configuration is enabled. The control plane is not...
K45421311: BIG-IP TMM vulnerability CVE-2020-5925
Security Advisory Description Undisclosed internally-generated User Datagram Protocol (UDP) traffic may cause the Traffic Management Microkernel (TMM) to restart under some circumstances. CVE-2020-5925 A BIG-IP system experiencing this vulnerability may log the following error message to the...
K00721320: BIG-IP AFM NAT64 policy vulnerability CVE-2022-41806
Security Advisory Description When a BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2022-41806 Impact System performance can degrade until the TMM...
K16187341: BIG-IP ICAP profile vulnerability CVE-2022-27189
Security Advisory Description When an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. CVE-2022-27189 Impact Traffic is disrupted while the TMM process...
K10930474: TMM vulnerability CVE-2017-6155
Security Advisory Description Malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure. CVE-2017-6155 Impact An attacker may be able to disrupt traff...
K36942191: Advanced WAF and BIG-IP ASM MySQL database vulnerability CVE-2021-23053
Security Advisory Description When the brute force protection feature of ASM/Adv WAF is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to the lack of a row limit on undisclosed tables in the MySQL database. CVE-2021-23053...
K93543114: BIG-IP APM vulnerability CVE-2022-27181
Security Advisory Description When APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. CVE-2022-27181 Impact System performance can degrade while the system is...
K52340447: F5 ePVA vulnerability CVE-2022-28705
Security Advisory Description On platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. CVE-2022-28705 Impact Traff...
K93504311: TMM vulnerability CVE-2022-34655
Security Advisory Description When an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-34655 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a...
K81557381: BIG-IP HTTP/2 vulnerability CVE-2019-6673
Security Advisory Description When the BIG-IP system is configured in HTTP/2 full proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel (TMM). CVE-2019-6673 Impact An attacker may be able to use a specifically crafted request to...
K93526903: BIG-IP APM portal access vulnerability CVE-2022-23014
Security Advisory Description When BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2022-23014 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows an authenticated...
K02201365: SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575
Security Advisory Description A flaw was found in the way TLS 1.2 uses RSA+MD5 signatures with Client Authentication and ServerKeyExchange messages during a TLS 1.2 handshake. An attacker with a Man-in-the-Middle network position and the ability to force / observe the use of RSA+MD5 during a TLS...
K000132639: ALPACA: TLS vulnerability CVE-2021-3618
Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...
SUSE CVE-2020-10722
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption...
SUSE CVE-2020-10724
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...
SUSE CVE-2020-10725
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...
SUSE CVE-2020-14376
A flaw was found in DPDK in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as syst...
SUSE CVE-2021-3839
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate msg->payload.inflight.num_queues, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability...