VYPR
High severity 7.5 · NVD Advisory · Published Jan 20, 2016 · Updated May 6, 2026

CVE-2015-5516

Description

A memory leak in F5 BIG-IP kernel module allows remote attackers to cause denial of service via crafted UDP packets.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A memory leak exists in the last hop kernel module of multiple F5 products, including BIG-IP LTM, GTM, and Link Controller versions 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, as well as several other BIG-IP modules and Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 [1]. The vulnerability is triggered when the system processes a large number of crafted UDP packets, causing the kernel module to leak memory without proper bounds [1].

Exploitation

To exploit this vulnerability, an attacker needs network access to send a high volume of specially crafted UDP packets to the affected device [1]. No authentication or user interaction is required; the attacker can be remote and does not need any special privileges. The attack vector is network-based, and the complexity is low, as the crafted packets can be generated and sent without sophisticated techniques [1].

Impact

Successful exploitation leads to a denial of service condition due to progressive memory exhaustion [1]. Over time, the memory leak consumes available kernel memory, causing the device to become unresponsive, drop legitimate traffic, or crash. This affects confidentiality, integrity, and availability (though primarily availability), as the device fails to perform its intended functions [1].

Mitigation

F5 has released fixes in the following hotfix versions: 10.2.4 HF13, 11.2.1 HF15, 11.5.3 HF2, 11.6.0 HF6, and 11.4.1 HF for affected BIG-IP versions [1]. For Enterprise Manager and BIG-IQ products, specific fixes are noted in the advisory [1]. No workaround is provided in the reference, so upgrading to the patched version is the recommended action [1]. If a fix is not applicable, users should restrict UDP traffic to only trusted sources or monitor memory usage closely.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • F5, Inc./Big IP (2 versions)
    • (no CPE) range: >=11.4.0, <11.5.3 HF2 || 11.6.0 before HF6
    • (no CPE) range: >=10.1.0, <10.2.4 HF13 || >=11.0.0, <11.2.1 HF15 || 11.3.x, 11.4.x, >=11.5.0, <11.5.3 HF2 || >=11.6.0, <11.6.0 HF6

References

3