Notice
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision History
Revision | Publish Date | Comments
1.0 | 12-Aug-20 | Initial Release
2.0 | 31-Aug-20 | Updated the Products Affected and Workaround/Solution Sections
Products Affected
Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments
NON-IOS | Firepower Extensible Operating System | 2 | 2.0.1 |
NON-IOS | Firepower Extensible Operating System | 2.1 | 2.1.1.106, 2.1.1.107, 2.1.1.113, 2.1.1.115, 2.1.1.116, 2.1.1.64, 2.1.1.69, 2.1.1.73, 2.1.1.77, 2.1.1.83, 2.1.1.85, 2.1.1.86, 2.1.1.97 |
NON-IOS | Firepower Extensible Operating System | 2.2 | 2.2.1.63, 2.2.1.66, 2.2.1.70, 2.2.2.101, 2.2.2.17, 2.2.2.19, 2.2.2.24, 2.2.2.26, 2.2.2.28, 2.2.2.54, 2.2.2.60, 2.2.2.71, 2.2.2.83, 2.2.2.86, 2.2.2.91, 2.2.2.97 |
NON-IOS | Firepower Extensible Operating System | 2.3 | 2.3.1.110, 2.3.1.111, 2.3.1.130, 2.3.1.144, 2.3.1.145, 2.3.1.155, 2.3.1.166, 2.3.1.56, 2.3.1.58, 2.3.1.66, 2.3.1.73, 2.3.1.75, 2.3.1.88, 2.3.1.91, 2.3.1.93, 2.3.1.99 |
NON-IOS | Firepower Extensible Operating System | 2.4 | 2.4.1.101, 2.4.1.214, 2.4.1.222, 2.4.1.234, 2.4.1.238, 2.4.1.244, 2.4.1.249 |
NON-IOS | Firepower Extensible Operating System | 2.6 | 2.6.1.131, 2.6.1.157, 2.6.1.166, 2.6.1.169, 2.6.1.174 |
NON-IOS | Firepower Extensible Operating System | 2.7 | 2.7.1.92, 2.7.1.98 |
Defect Information
Defect ID
Headline
DME process crash due to memory leak on Firepower 4100/9300
Problem Description
A memory leak in the Firepower eXtensible Operating System (FXOS) might cause a Data Management Engine (DME) process crash on Firepower 4100 and Firepower 9300 Series security appliances.
Background
The DME within FXOS manages end points in the Firepower object model, which includes physical components (chassis, I/O module, security modules), logical components (policies), and workflows (server discovery, service profile management, downloads, upgrades, backups).
The DME process might crash and restart due to a memory leak that is related to periodic validation of trust points and their respective certificate chain. Prior to FXOS Version 2.4.1, the issue only occurs when Common Criteria (CC) mode is enabled. For affected FXOS Versions 2.4.1 and later, the memory leak is unconditional. This issue affects the Firepower 4100 and Firepower 9300 Series security appliances.
Problem Symptom
The DME process crash might cause the FPR4100 and FPR9300 Series security appliance to restart and affect service. For high-availability network configurations, a failover from the active to the standby device might occur. In clustering network configurations, a node leave event might occur.
Workaround/Solution
Upgrade the FXOS software on the FPR4100 and FPR9300 Series security appliances to one of these versions:
FXOS 2.3.1.173 or later
FXOS 2.4.1.252 or later
FXOS 2.6.1.187 or later
FXOS 2.7.1.106 or later
FXOS 2.8.1 or later
See the Cisco Firepower 4100/9300 Upgrade Guide for instructions on how to upgrade the FXOS software.
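The following is an added example, not part of the Cisco notice: it triages an inventory of FXOS versions against the affected release numbers and fixed versions listed above. The status names, function names, and sample inventory are constructed, and it assumes "or later" means later within the same major.minor train.

```python
# Added example: triage FXOS versions against this field notice.
# Release numbers are copied from the Products Affected table.
AFFECTED = set("""
2.0.1
2.1.1.106 2.1.1.107 2.1.1.113 2.1.1.115 2.1.1.116 2.1.1.64 2.1.1.69 2.1.1.73 2.1.1.77 2.1.1.83 2.1.1.85 2.1.1.86 2.1.1.97
2.2.1.63 2.2.1.66 2.2.1.70 2.2.2.101 2.2.2.17 2.2.2.19 2.2.2.24 2.2.2.26 2.2.2.28 2.2.2.54 2.2.2.60 2.2.2.71 2.2.2.83 2.2.2.86 2.2.2.91 2.2.2.97
2.3.1.110 2.3.1.111 2.3.1.130 2.3.1.144 2.3.1.145 2.3.1.155 2.3.1.166 2.3.1.56 2.3.1.58 2.3.1.66 2.3.1.73 2.3.1.75 2.3.1.88 2.3.1.91 2.3.1.93 2.3.1.99
2.4.1.101 2.4.1.214 2.4.1.222 2.4.1.234 2.4.1.238 2.4.1.244 2.4.1.249
2.6.1.131 2.6.1.157 2.6.1.166 2.6.1.169 2.6.1.174
2.7.1.92 2.7.1.98
""".split())

# First fixed build per train, from Workaround/Solution.
# Assumption: "or later" means later within the same major.minor train.
FIXED = {(2, 3): (2, 3, 1, 173), (2, 4): (2, 4, 1, 252),
         (2, 6): (2, 6, 1, 187), (2, 7): (2, 7, 1, 106)}
FIXED_FLOOR = (2, 8, 1)  # "FXOS 2.8.1 or later"


def parse(version):
    """'2.4.1.101' -> (2, 4, 1, 101); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in version.strip().split("."))


def triage(version, cc_mode=False):
    """Return one of: fixed, exposed, listed-cc-mode-off, not-listed."""
    v = parse(version)
    in_train_fix = FIXED.get(v[:2])
    if v >= FIXED_FLOOR or (in_train_fix and v >= in_train_fix):
        return "fixed"
    if version.strip() not in AFFECTED:
        return "not-listed"  # the notice makes no statement about this build
    # Before FXOS 2.4.1 the leak only occurs with Common Criteria mode enabled.
    if v < (2, 4, 1) and not cc_mode:
        return "listed-cc-mode-off"
    return "exposed"


if __name__ == "__main__":
    # Constructed inventory: (hostname, FXOS version, CC mode enabled).
    inventory = [("fw-a", "2.3.1.166", False), ("fw-b", "2.4.1.101", False),
                 ("fw-c", "2.6.1.187", False), ("fw-d", "2.2.2.97", True)]
    for host, version, cc in inventory:
        print(f"{host:6} {version:10} {triage(version, cc)}")
```

A "listed-cc-mode-off" result means the build is on the affected list but, per the Background section, the leak is only triggered there when CC mode is enabled; trains 2.0 through 2.2 have no in-train fixed build in this notice.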
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: