Linux Kernel Nexthop Route Deletion Warning Vulnerability

A vulnerability in the Linux kernel's handling of route deletion can lead to a warning being triggered when routes pointing to a nexthop ID are deleted without specifying the nexthop ID, but while matching on an interface. This issue arises because the route deletion process inadvertently interacts with nexthop objects, which are managed separately, causing a kernel warning. The vulnerability is present in the route deletion command when using the old-style nexthop specification, as these routes are handled differently.

Impact

The vulnerability causes a kernel warning to be issued, indicating a potential issue with route management that could be exploited to disrupt normal operations or cause confusion in network routing.

Reproduction

To reproduce this vulnerability, delete a route that points to a nexthop ID without specifying the nexthop ID, while matching on an interface. This can be done using the 'ip route delete' command with the appropriate parameters. The kernel warning will be triggered during the deletion process, indicating a mismatch in how nexthop objects are being handled.

Remediation

No specific remediation is mentioned, but users should be aware of the correct way to manage nexthop routes to avoid triggering the warning.