CVE-2022-48999: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48999 is a vulnerability in the Linux kernel that involves an out-of-bounds memory access in the IPv4 networking stack. The issue specifically occurs when attempting to delete a multipath route when fib_info contains a nexthop (nh) reference. The vulnerability was discovered by Gwangun Jung and affects Linux kernel versions from 5.3 through 6.0.12 (NVD).

The vulnerability manifests as a slab-out-of-bounds access in the fibnhmatch function (fibsemantics.c:961). The issue occurs in the call chain: fibnhmatch+0xf98/0x1130 -> fibtabledelete+0x5f3/0xa40 -> inetrtm_delroute+0x2b3/0x380. The root cause is related to separate nexthop objects being mutually exclusive with the legacy multipath specification. The vulnerability has been assigned a CVSS v3.1 base score of 7.1 HIGH (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) (NVD).

The vulnerability can lead to an out-of-bounds memory access, which could expose TCP protocol data and potentially result in a partial denial of service (DoS). This issue is considered a moderate impact flaw due to its potential to expose sensitive information and affect system availability (Red Hat).

The vulnerability has been fixed by modifying the fibnhmatch function to return if the config for the to-be-deleted route contains a multipath spec while the fib_info is using a nexthop object. The fix has been implemented in various kernel versions through patches (Kernel Patch).