Description

In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference Gwangun Jung reported a slab-out-of-bounds access in fib_nh_match: fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961 fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753 inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874 Separate nexthop objects are mutually exclusive with the legacy multipath spec. Fix fib_nh_match to return if the config for the to be deleted route contains a multipath spec while the fib_info is using a nexthop object.

INFO

Published Date :

2024-10-21T20:06:14.118Z

Last Modified :

2025-05-04T08:27:46.832Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-48999 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-48999.

URL Resource
https://git.kernel.org/stable/c/0b5394229ebae09afc07aabccb5ffd705ffd250e cve-icon cve-icon
https://git.kernel.org/stable/c/25174d91e4a32a24204060d283bd5fa6d0ddf133 cve-icon cve-icon
https://git.kernel.org/stable/c/61b91eb33a69c3be11b259c5ea484505cd79f883 cve-icon cve-icon
https://git.kernel.org/stable/c/bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2 cve-icon cve-icon
https://git.kernel.org/stable/c/cc3cd130ecfb8b0ae52e235e487bae3f16a24a32 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024102150-CVE-2022-48999-c5fd@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-48999 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-48999 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact