
Linux Platforms unexpected reboot after upgrading Kernel Support Package due to ssl_encrypted_verify function failure

    • Updated: 29 Sep 2021
    • Product/Version:
    • Platform: SUSE12, RHEL8, RHEL6, Oracle Linux 7, Ubuntu 16.04
Summary

An issue has been found with the recently released kernel support package for the following Linux platforms:

  • SUSE 12
  • RHEL 8
  • RHEL 6
  • Oracle Linux 7
  • Ubuntu 16.04

When the server receives a large certificate file for authentication over the TLS/SSL protocol, the server may crash or reboot.

Details

The following Kernel Support Package (KSP) releases have been identified as possible causes of the unexpected server reboot issue:

  • SUSE12 - 20.0.0-2734
  • RHEL8 - 20.0.0-2745
  • RHEL8 - 20.0.0-2760
  • RHEL6 - 20.0.0-2756
  • Oracle Linux7 - 20.0.0-2758
  • Ubuntu16.04 - 20.0.0-2759

 

To verify the issue:

When a user encounters a crash or reboot, check the call trace (dmesg) for one of the following entries and verify whether the ssl_encrypted_verify function caused the reboot.

  • ssl_encrypted_verify+0x17/0x50 [dsa_filter]

                                     or

  • ssl_encrypted_verify+0x33/0x60 [dsa_filter]

This issue may not occur immediately, so it is recommended to verify whether you are using a faulty KSP release.
Note: If you are not encountering the issue, it is highly recommended to ensure you are running the latest KSP release to prevent it. You may jump to step 4 to check the driver info on your Linux server.

To resolve this issue:

  1. Make sure you have the latest Kernel Support Package. Log in to your manager web console and go to Administration > Updates > Software > Local.
  2. Verify that you have the minimum kernel support package or higher.
    1. Minimum Kernel Support Package that includes the fix: 
  3. Go to the Computers tab and select the target computers. Right-click, go to Actions, and click Send Policy.
  4. SSH to the target computer.
  5. Run "cat /proc/driver/dsa/info" and check if the KSP version is between 12.6.0.1609 and 12.6.0.1617.
  6. Restart the agent service.

       Run "sudo service ds_agent restart"

  7. Verify that the new kernel has been updated: run "cat /proc/driver/dsa/info" again and check if the KSP version has been upgraded to 12.6.0.1618 or above.

If the steps above fail, please proceed to deactivate and reactivate the agent.
        1. From the Computer list, go to the computer properties.
        2. Go to Overview, go to the Actions tab, and click Deactivate.
        3. Click Activate.
        4. Check whether the driver has been updated. Run "cat /proc/driver/dsa/info".

It is IMPORTANT to restart the ds_agent service to apply the new KSP in the agent.
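
The two checks described above (the dmesg call trace and the driver version range) as an added shell example; it is not Trend Micro code. The layout of /proc/driver/dsa/info is an assumption: only a dotted a.b.c.d version string is relied on, the sample inputs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Trend Micro code): triage helpers for this advisory.

# Constructed sample inputs. The layout of /proc/driver/dsa/info is an
# ASSUMPTION; only the dotted version string is relied upon.
SAMPLE_TRACE='[ 8123.441201]  ssl_encrypted_verify+0x17/0x50 [dsa_filter]'
SAMPLE_INFO='version: 12.6.0.1612'

# Succeeds if stdin contains an ssl_encrypted_verify frame from dsa_filter.
trace_matches() {
    grep -Eq 'ssl_encrypted_verify\+0x[0-9a-f]+/0x[0-9a-f]+ \[dsa_filter\]'
}

# Prints the first a.b.c.d version string found on stdin.
driver_version() {
    grep -Eo '[0-9]+(\.[0-9]+){3}' | head -n 1
}

# Succeeds if version $1 >= version $2 (uses GNU sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Maps a version to: fixed (>= 12.6.0.1618), affected (12.6.0.1609-1617),
# not-listed (older than the range on the page), or unknown (unparseable).
classify_version() {
    if ! printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        echo unknown
    elif version_ge "$1" 12.6.0.1618; then
        echo fixed
    elif version_ge "$1" 12.6.0.1609; then
        echo affected
    else
        echo not-listed
    fi
}

# Live check, run only when invoked with --live (dmesg may need root).
check_host() {
    ver=$(driver_version < /proc/driver/dsa/info)
    echo "driver version: ${ver:-none} ($(classify_version "$ver"))"
    if dmesg | trace_matches; then echo "ssl_encrypted_verify frame found"; fi
}

if [ "${1:-}" = "--live" ]; then check_host; fi
```

trace_matches reads stdin, so kernel logs saved from before the reboot can be piped into it; the dmesg ring buffer itself starts empty after a reboot.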
Category: Troubleshoot
Solution Id: 000289088