CVE-2022-48999: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48999 is a vulnerability in the Linux kernel that involves an out-of-bounds memory access in the IPv4 networking stack. The issue specifically occurs when attempting to delete a multipath route when fib_info contains a nexthop (nh) reference. The vulnerability was discovered by Gwangun Jung and affects Linux kernel versions from 5.3 through 6.0.12 (NVD).

The vulnerability manifests as a slab-out-of-bounds access in the fib_nh_match function (fib_semantics.c:961). The issue occurs in the call chain: fib_nh_match+0xf98/0x1130 -> fib_table_delete+0x5f3/0xa40 -> inet_rtm_delroute+0x2b3/0x380. The root cause is related to separate nexthop objects being mutually exclusive with the legacy multipath specification. The vulnerability has been assigned a CVSS v3.1 base score of 7.1 HIGH (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) (NVD).

The vulnerability can lead to an out-of-bounds memory access, which could expose TCP protocol data and potentially result in a partial denial of service (DoS). This issue is considered a moderate impact flaw due to its potential to expose sensitive information and affect system availability (Red Hat).

The vulnerability has been fixed by modifying the fib_nh_match function to return if the config for the to-be-deleted route contains a multipath spec while the fib_info is using a nexthop object. The fix has been implemented in various kernel versions through patches (Kernel Patch).