VYPR
Unrated severityNVD Advisory· Published Oct 21, 2024· Updated May 4, 2025

ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference

CVE-2022-48999

Description

In the Linux kernel, the following vulnerability has been resolved:

ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference

Gwangun Jung reported a slab-out-of-bounds access in fib_nh_match: fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961 fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753 inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874

Separate nexthop objects are mutually exclusive with the legacy multipath spec. Fix fib_nh_match to return if the config for the to be deleted route contains a multipath spec while the fib_info is using a nexthop object.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

150

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.