CVE-2022-49092: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49092 addresses a vulnerability in the Linux kernel's IPv4 networking subsystem, specifically related to route deletion with nexthop object handling. The issue was discovered when FRR (FRRouting) users encountered a kernel warning while attempting to delete routes pointing to a nexthop ID without specifying the nhid but matching on an interface (Kernel Git).

The vulnerability stems from the fibinfonh() function in include/net/nexthop.h triggering a warning when run on a fibinfo with nexthop object. The issue occurs in the call chain: inetrtmdelroute -> fibtabledelete -> fibnhmatch, where the function is called with a nexthop fibinfo and fc_oif set. This causes the warning when attempting to match the route (Kernel Git).

When triggered, the vulnerability results in kernel warnings and potential system instability. The issue affects route management operations, particularly when dealing with nexthop object deletion in network configurations (Kernel Git).

The fix involves modifying the route deletion logic to prevent matching in cases where the fib_info has a nexthop object, as these are managed separately. The patch ensures proper handling of nexthop routes and prevents the warning condition. Users should update to patched kernel versions that include this fix (Kernel Git).