NVD Vulnerability Detail

CVE-2022-48999

Summary	In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference Gwangun Jung reported a slab-out-of-bounds access in fib_nh_match: fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961 fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753 inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874 Separate nexthop objects are mutually exclusive with the legacy multipath spec. Fix fib_nh_match to return if the config for the to be deleted route contains a multipath spec while the fib_info is using a nexthop object.
Publication Date	Oct. 22, 2024, 5:15 a.m.
Registration Date	Oct. 22, 2024, 12:01 p.m.
Last Update	Oct. 31, 2024, 11:44 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/cc3cd130ecfb8b0ae52e235e487bae3f16a24a32	Patch
2	https://git.kernel.org/stable/c/0b5394229ebae09afc07aabccb5ffd705ffd250e	Patch
3	https://git.kernel.org/stable/c/25174d91e4a32a24204060d283bd5fa6d0ddf133	Patch
4	https://git.kernel.org/stable/c/bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2	Patch
5	https://git.kernel.org/stable/c/61b91eb33a69c3be11b259c5ea484505cd79f883	Patch

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html

JVN Vulnerability Information

Linux の Linux Kernel における境界外読み取りに関する脆弱性

Title	Linux の Linux Kernel における境界外読み取りに関する脆弱性
Summary	Linux の Linux Kernel には、境界外読み取りに関する脆弱性が存在します。
Possible impacts	情報を取得される、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 7, 2022, midnight
Registration Date	Nov. 1, 2024, 4:31 p.m.
Last Update	Nov. 1, 2024, 4:31 p.m.

Affected System

Linux

Linux Kernel 5.11 以上 5.15.82 未満

Linux Kernel 5.16 以上 6.0.12 未満

Linux Kernel 5.3 以上 5.4.226 未満

Linux Kernel 5.5 以上 5.10.158 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-48999	https://www.cve.org/CVERecord?id=CVE-2022-48999
National Vulnerability Database (NVD)
2	CVE-2022-48999	https://nvd.nist.gov/vuln/detail/CVE-2022-48999

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-125	https://cwe.mitre.org/data/definitions/125.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (0b53942)	https://git.kernel.org/stable/c/0b5394229ebae09afc07aabccb5ffd705ffd250e
2	ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (25174d9)	https://git.kernel.org/stable/c/25174d91e4a32a24204060d283bd5fa6d0ddf133
3	ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (61b91eb)	https://git.kernel.org/stable/c/61b91eb33a69c3be11b259c5ea484505cd79f883
4	ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (bb20a2a)	https://git.kernel.org/stable/c/bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2
5	ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (cc3cd13)	https://git.kernel.org/stable/c/cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
Linux Kernel
6	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年11月01日] 掲載	Nov. 1, 2024, 9:48 a.m.