Dear Cisco Customer,
Cisco engineering has identified the following software issues with the release that you have selected that may affect your use of this software. Please review the Software Advisory notice here to determine if the issues apply to your environment. You may proceed to download this software if you have no concerns with the issue described.
For more comprehensive information about what is included in this software, refer to the Cisco software Release Notes, available from the Product Selector tool. From this page, select the product you are interested in. Release Notes are under "General Information" on the product page.
For Firepower 4100/9300 devices:
Affected Software and Replacement Solution for CSCvs39368 |
||
Software Type |
Software Affected |
Software Solution |
Cisco FXOS Software |
Version: FXOS 2.4.1 and later Note: For FXOS 2.3.1 and prior, the memory leak only occurs when Common Criteria mode is enabled
|
Version: 2.3.1.173 2.4.1.252 2.6.1.187 2.7.1.106
Replacement Images: fxos-k9.2.3.1.173.SPA fxos-k9.2.4.1.252.SPA fxos-k9.2.6.1.187.SPA fxos-k9.2.7.1.106.SPA |
For Firepower 2100 devices:
Affected Software and Replacement Solution for CSCvs61701 |
||
Software Type |
Software Affected |
Software Solution |
Cisco FXOS Software |
Version: All versions of FXOS bundled with ASA (if Common Criteria mode is enabled)
|
Version: Not yet available
Replacement Images: Not yet available |
Reason for Advisory:
This software advisory addresses one software issue. Note that there are two bugs covered in this software advisory, to account for the associated fixes to Firepower 4100/9300, and Firepower 2100 series devices:
CSCvs39368
DME process crash due to memory leak on Firepower 9300/4100
CSCvs61701
DME process crash due to memory leak on Firepower 2100
Affected Platforms:
Firepower 9300 devices
Firepower 4100 devices
Firepower 2100 devices
Symptom:
Due to a memory leak in Data Management Engine (DME), after a long system uptime, the system will reach a cap on memory usage by the DME processes. This results in a memory assert crash of DME on Firepower 2100, 4100, and 9300 devices. The DME crashes in turn result in severe impacts to the installed applications, interfaces, etc. This effectively can cause adverse network operational impacts such as failover, cluster member drops, or outages, while the DME restarts.
Conditions:
The conditions for these defects vary per hardware, version (pre or post 2.4.1), as well as Common Criteria (CC) mode configuration. Please refer to the below for clarity:
For Firepower 4100 and 9300 hardware:
FXOS 2.3.1 or prior - memory leak only occurs when Common Criteria (CC) mode is enabled
FXOS 2.4.1 and later – memory leak occurs regardless of whether or not CC mode is enabled
For Firepower 2100 hardware running ASA:
The memory leak ONLY occurs when Common Criteria (CC) mode is enabled, regardless of the bundled FXOS version in the ASA package. Note that this defect does not impact Firepower 2100 devices running FTD with FXOS.
Workaround:
The only workaround known at this time is to periodically (before 150 days) reboot the device. A software upgrade to a fixed version is required to fix the issue.