When the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. (CVE-2021-23007)
Impact
TMM incorrectly determines that the fragment memory limit has been reached and drops all fragments it receives, disrupting traffic to the BIG-IP system.
You can determine whether your system is impacted by running the tmctl ip_stat command from the BIG-IP command line and reviewing the output for an unusually large value in the frag_bytes_used column for a given TMM. You may observe that some TMM processes have high values and others do not. For example:
rx_frag  rx_frag_dropped err_frag_mem_limit_reached frag_bytes_used
-------- --------------- -------------------------- --------------------
46406517 508             0                          0
rx_frag  rx_frag_dropped err_frag_mem_limit_reached frag_bytes_used
-------- --------------- -------------------------- --------------------
44739031 217             0                          0
rx_frag  rx_frag_dropped err_frag_mem_limit_reached frag_bytes_used
-------- --------------- -------------------------- --------------------
39322744 8404728         8404628                    18446744073709547072
rx_frag  rx_frag_dropped err_frag_mem_limit_reached frag_bytes_used
-------- --------------- -------------------------- --------------------
33528060 15659496        15659334                   18446744073709547072
rx_frag  rx_frag_dropped err_frag_mem_limit_reached frag_bytes_used
-------- --------------- -------------------------- --------------------
46712180 157             0                          0
rx_frag  rx_frag_dropped err_frag_mem_limit_reached frag_bytes_used
-------- --------------- -------------------------- --------------------
38912369 10588696        10588558                   18446744073709547072
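
The check described above can be scripted so that it reports only the affected blocks. The following is an added example, not F5 code: it parses tmctl ip_stat text and flags any block whose frag_bytes_used is at or above a cut-off (the value shown above is 2^64 - 4544, just under the unsigned 64-bit maximum). Assumptions: the 2^63 threshold, the function names check_frag_stats and sample_ip_stat, and numbering blocks in order of appearance as a stand-in for the TMM index.

```shell
#!/bin/sh
# Added example (not F5 code): flag tmctl ip_stat blocks whose
# frag_bytes_used value is implausibly large.
# Assumption: 2^63 is an illustrative cut-off, not a value published by F5.
THRESHOLD=9223372036854775808

# Reads ip_stat text on stdin and prints one line per suspect block.
# Blocks are numbered in order of appearance (assumed to follow TMM order).
check_frag_stats() {
    awk -v limit="$THRESHOLD" '
        /frag_bytes_used/ {          # header row: map column names to positions
            split("", col)
            for (i = 1; i <= NF; i++) col[$i] = i
            next
        }
        /^-+/ || NF == 0 || !("frag_bytes_used" in col) { next }
        {
            block++
            used = $(col["frag_bytes_used"])
            # Compared as floating point: exact digits do not matter at this scale.
            if (used ~ /^[0-9]+$/ && used + 0 >= limit + 0)
                printf "block=%d frag_bytes_used=%s err_frag_mem_limit_reached=%s\n",
                       block, used, $(col["err_frag_mem_limit_reached"])
        }'
}

# Sample input: the first four blocks of the output shown above.
sample_ip_stat() {
    cat <<'EOF'
rx_frag  rx_frag_dropped err_frag_mem_limit_reached frag_bytes_used
-------- --------------- -------------------------- --------------------
46406517 508             0                          0
rx_frag  rx_frag_dropped err_frag_mem_limit_reached frag_bytes_used
-------- --------------- -------------------------- --------------------
44739031 217             0                          0
rx_frag  rx_frag_dropped err_frag_mem_limit_reached frag_bytes_used
-------- --------------- -------------------------- --------------------
39322744 8404728         8404628                    18446744073709547072
rx_frag  rx_frag_dropped err_frag_mem_limit_reached frag_bytes_used
-------- --------------- -------------------------- --------------------
33528060 15659496        15659334                   18446744073709547072
EOF
}

# On a BIG-IP system: tmctl ip_stat | check_frag_stats
sample_ip_stat | check_frag_stats
```

An empty result means no block crossed the cut-off; a flagged block with a non-zero err_frag_mem_limit_reached count matches the pattern in the affected blocks above.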