{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48999", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-22T01:27:53.642Z", "datePublished": "2024-10-21T20:06:14.118Z", "dateUpdated": "2025-05-04T08:27:46.832Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:27:46.832Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Handle attempt to delete multipath route when fib_info contains an nh reference\n\nGwangun Jung reported a slab-out-of-bounds access in fib_nh_match:\n fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961\n fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753\n inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874\n\nSeparate nexthop objects are mutually exclusive with the legacy\nmultipath spec. Fix fib_nh_match to return if the config for the\nto be deleted route contains a multipath spec while the fib_info\nis using a nexthop object."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/fib_semantics.c", "tools/testing/selftests/net/fib_nexthops.sh"], "versions": [{"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e", "lessThan": "cc3cd130ecfb8b0ae52e235e487bae3f16a24a32", "status": "affected", "versionType": "git"}, {"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e", "lessThan": "0b5394229ebae09afc07aabccb5ffd705ffd250e", "status": "affected", "versionType": "git"}, {"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e", "lessThan": "25174d91e4a32a24204060d283bd5fa6d0ddf133", "status": "affected", "versionType": "git"}, {"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e", "lessThan": "bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2", "status": "affected", "versionType": "git"}, {"version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e", "lessThan": "61b91eb33a69c3be11b259c5ea484505cd79f883", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/fib_semantics.c", "tools/testing/selftests/net/fib_nexthops.sh"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.226", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.158", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.82", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.12", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.4.226"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.10.158"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.15.82"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.0.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/cc3cd130ecfb8b0ae52e235e487bae3f16a24a32"}, {"url": "https://git.kernel.org/stable/c/0b5394229ebae09afc07aabccb5ffd705ffd250e"}, {"url": "https://git.kernel.org/stable/c/25174d91e4a32a24204060d283bd5fa6d0ddf133"}, {"url": "https://git.kernel.org/stable/c/bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2"}, {"url": "https://git.kernel.org/stable/c/61b91eb33a69c3be11b259c5ea484505cd79f883"}], "title": "ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48999", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:15:25.948167Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:18:40.948Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48999", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:15:25.948167Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:15:29.512Z"}}], "cna": {"title": "ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e", "lessThan": "cc3cd130ecfb8b0ae52e235e487bae3f16a24a32", "versionType": "git"}, {"status": "affected", "version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e", "lessThan": "0b5394229ebae09afc07aabccb5ffd705ffd250e", "versionType": "git"}, {"status": "affected", "version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e", "lessThan": "25174d91e4a32a24204060d283bd5fa6d0ddf133", "versionType": "git"}, {"status": "affected", "version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e", "lessThan": "bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2", "versionType": "git"}, {"status": "affected", "version": "493ced1ac47c48bb86d9d4e8e87df8592be85a0e", "lessThan": "61b91eb33a69c3be11b259c5ea484505cd79f883", "versionType": "git"}], "programFiles": ["net/ipv4/fib_semantics.c", "tools/testing/selftests/net/fib_nexthops.sh"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.3"}, {"status": "unaffected", "version": "0", "lessThan": "5.3", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.226", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.158", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.82", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.0.12", "versionType": "semver", "lessThanOrEqual": "6.0.*"}, {"status": "unaffected", "version": "6.1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/ipv4/fib_semantics.c", "tools/testing/selftests/net/fib_nexthops.sh"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/cc3cd130ecfb8b0ae52e235e487bae3f16a24a32"}, {"url": "https://git.kernel.org/stable/c/0b5394229ebae09afc07aabccb5ffd705ffd250e"}, {"url": "https://git.kernel.org/stable/c/25174d91e4a32a24204060d283bd5fa6d0ddf133"}, {"url": "https://git.kernel.org/stable/c/bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2"}, {"url": "https://git.kernel.org/stable/c/61b91eb33a69c3be11b259c5ea484505cd79f883"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Handle attempt to delete multipath route when fib_info contains an nh reference\n\nGwangun Jung reported a slab-out-of-bounds access in fib_nh_match:\n fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961\n fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753\n inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874\n\nSeparate nexthop objects are mutually exclusive with the legacy\nmultipath spec. Fix fib_nh_match to return if the config for the\nto be deleted route contains a multipath spec while the fib_info\nis using a nexthop object."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:12:10.647Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48999", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:12:10.647Z", "dateReserved": "2024-08-22T01:27:53.642Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T20:06:14.118Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC1AB8B7-B0BF-4B35-ACB8-88D567D14FEF", "versionEndExcluding": "5.4.226", "versionStartIncluding": "5.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0FB1AF1-0A0B-4419-B25F-C61F17380E18", "versionEndExcluding": "5.10.158", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DC20DB6-73C1-4465-B931-117BFB8EBB02", "versionEndExcluding": "5.15.82", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6D56E90-F3EE-413D-B3E2-B518932F0C7D", "versionEndExcluding": "6.0.12", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Handle attempt to delete multipath route when fib_info contains an nh reference\n\nGwangun Jung reported a slab-out-of-bounds access in fib_nh_match:\n fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961\n fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753\n inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874\n\nSeparate nexthop objects are mutually exclusive with the legacy\nmultipath spec. Fix fib_nh_match to return if the config for the\nto be deleted route contains a multipath spec while the fib_info\nis using a nexthop object."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv4: Controlar el intento de eliminar una ruta multipath cuando fib_info contiene una referencia nh Gwangun Jung inform\u00f3 un acceso fuera de los l\u00edmites en fib_nh_match: fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961 fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753 inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874 Los objetos de siguiente salto separados son mutuamente excluyentes con la especificaci\u00f3n multipath heredada. Arreglar fib_nh_match para que regrese si la configuraci\u00f3n de la ruta que se va a eliminar contiene una especificaci\u00f3n de rutas m\u00faltiples mientras fib_info usa un objeto nexthop."}], "id": "CVE-2022-48999", "lastModified": "2024-10-31T14:44:10.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-10-21T20:15:11.630", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0b5394229ebae09afc07aabccb5ffd705ffd250e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/25174d91e4a32a24204060d283bd5fa6d0ddf133"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/61b91eb33a69c3be11b259c5ea484505cd79f883"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cc3cd130ecfb8b0ae52e235e487bae3f16a24a32"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference", "id": "2320724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320724"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nipv4: Handle attempt to delete multipath route when fib_info contains an nh reference\nGwangun Jung reported a slab-out-of-bounds access in fib_nh_match:\nfib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961\nfib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753\ninet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874\nSeparate nexthop objects are mutually exclusive with the legacy\nmultipath spec. Fix fib_nh_match to return if the config for the\nto be deleted route contains a multipath spec while the fib_info\nis using a nexthop object.", "An out-of-bounds memory access vulnerability was found in the Linux kernel. When fib_info contains an nh reference, the handle attempts to delete the multipath route."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48999", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48999\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48999\nhttps://lore.kernel.org/linux-cve-announce/2024102150-CVE-2022-48999-c5fd@gregkh/T"], "statement": "This issue is considered a moderate impact flaw, as the exploitation for this will expose TCP protocol data and may lead to a partial DOS.", "threat_severity": "Moderate"}