Your submission was sent successfully! Close

CVE-2022-29800

Published: 27 April 2022

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

Priority

High

CVSS 3 base score: 4.7

Status

Package Release Status
networkd-dispatcher
Launchpad, Ubuntu, Debian
bionic
Released (1.7-0ubuntu3.4)
focal
Released (2.1-2~ubuntu20.04.2)
impish
Released (2.1-2ubuntu0.21.10.1)
jammy
Released (2.1-2ubuntu0.22.04.1)
upstream Pending
(2.2.1)
Patches:
upstream: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/2e226ee027bdc8022f0e10470318f89f25dc6133
upstream: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/41e1d0f123c1113de24bafa3f23359e647945173