FN414 - Memory Leak in HAL Process in EXOS 16.1.4 - How urgent?

  • Question
  • Updated 12 months ago
  • Answered
Hi,

FN414 mentions a memory leak in the HAL process which leads to network instability or switch reboot.

My question is: how urgently should an update to v16.1.4-patch 1-3 or later be done?
Does somebody know the uptime a switch needs before it runs into this problem?
Or how many switches are affected? Every switch running this version, or one out of a thousand?

We are running BD8810, X670 and X460 with this xos-version.

Thanks in advance.
Thorsten Breidenbach

Posted 2 years ago


Henrique, Employee

Hi Thorsten, this issue affects all EXOS platforms running the unpatched version of EXOS 16.1.4.2.

It's difficult to know when the issue would happen, since that depends on FDB add/delete and MACMoves events not releasing the memory properly. 

If you are running EXOS 16.1.4.2 with no patch, I would recommend that you upgrade to EXOS 16.1.4.2 patch1-3 to avoid any surprises.

Weidle, Bert, Alum

Hi Thorsten, it is very difficult to predict how quickly this issue will be seen, since it depends on many factors, including the number of FDB deletions and MAC moves.
You may monitor the 'show memory process hal' output periodically to see memory utilization. If HAL memory utilization is rapidly increasing, then you really need to upgrade soon.
We recommend that you upgrade as soon as possible if you are running EXOS 16.1.4.2.
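
One way to trend the periodic HAL memory readings described above, as an added example that is not part of the original thread or any vendor tooling. It assumes the readings have already been collected as (timestamp, KB) pairs, since the output format of 'show memory process hal' is not shown on this page; the sample values, the memory limit and the 30-day urgency threshold are constructed.

```python
from datetime import datetime, timedelta

# Constructed samples: one HAL memory reading (KB) every 6 hours. Illustrative only.
START = datetime(2017, 1, 1)
SAMPLES = [(START + timedelta(hours=6 * i), kb)
           for i, kb in enumerate([100000, 100600, 101200, 101800, 102400])]
FLAT = [(START + timedelta(hours=6 * i), 100000) for i in range(5)]


def growth_rate_kb_per_hour(samples):
    """Least-squares slope of memory (KB) against elapsed time (hours)."""
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    t0 = samples[0][0]
    xs = [(t - t0).total_seconds() / 3600 for t, _ in samples]
    ys = [kb for _, kb in samples]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("samples must span more than one point in time")
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx


def hours_until(samples, limit_kb):
    """Projected hours until the last reading grows to limit_kb, or None if not growing."""
    rate = growth_rate_kb_per_hour(samples)
    if rate <= 0:
        return None
    return max(0.0, (limit_kb - samples[-1][1]) / rate)


def assess(samples, limit_kb, urgent_hours=24 * 30):
    """Classify the trend; limit_kb and urgent_hours are assumed, site-specific values."""
    eta = hours_until(samples, limit_kb)
    if eta is None:
        return "stable"
    return "upgrade soon" if eta < urgent_hours else "watch"


if __name__ == "__main__":
    limit = 150000  # assumed ceiling in KB, not a figure from the field notice
    print(f"rate: {growth_rate_kb_per_hour(SAMPLES):.1f} KB/h")
    print(f"projected hours to limit: {hours_until(SAMPLES, limit):.0f}")
    print(f"assessment: {assess(SAMPLES, limit)}")
```

A slope fitted over several readings is less sensitive to a single noisy sample than comparing only the first and last values.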

Tripathy, Priya Ranjan, ESE

Hello Thorsten,

In addition to what Henrique has to say, please find some additional information below:

Either upgrade to EXOS16.1.4p1-3 or later, as you are already running this EXOS version at present, or else try to stay on any of the following builds:
16.2.x, 21.x and 22.x. None of them exhibits this reported behavior so far.

Hope all this information will be helpful for you.

Andy Robinson

This behavior can be triggered reliably by network vulnerability testing using OpenVAS testing all IANA-assigned TCP and UDP ports and using the Full and Complete Ultimate testing template.

Is there a CVE related to this issue?

A. Robinson, CISSP CSSLP CGEIT CISM

Drew C., Community Manager

Hi Andy, I'm not aware of any CVE being published for this issue. If you'd like to discuss further, privately, let me know and I'll get you in touch with our vulnerability team.