Cisco Bug: CSCvv58605 - ASA traceback and reload in thread:Crypto CA,mem corruption by unvirtualized pki global table in MTX

Last Modified

Oct 07, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.8(4.15) 9.8(4.20)

Description (partial)

Symptom:
ASA traceback and reload in thread: Crypto CA
Memory corruption caused by the use of a single unvirtualized global PKI table in multi-context mode.

Conditions:
First seen on:

> ASA configured with RA VPN on release 9.8.4.15

The condition is a special case in multi-context mode. We were using a single global PKI table across all the user contexts in multi-context mode, which might cause a collision between Crypto CA PKI request IDs in that table. This happened in the customer case, where RA VPN was running in multiple contexts with OCSP revocation check.