Skip to main content

CVE-2022-29800: CWE-367 in networkd-dispatcher

Medium
VulnerabilityCVE-2022-29800cvecve-2022-29800cwe-367
Published: Wed Sep 21 2022 (09/21/2022, 18:21:17 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: networkd-dispatcher

Description

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

AI-Powered Analysis

AILast updated: 07/07/2025, 09:13:28 UTC

Technical Analysis

CVE-2022-29800 is a medium-severity vulnerability classified as a time-of-check-time-of-use (TOCTOU) race condition found in the networkd-dispatcher component. Networkd-dispatcher is a service that listens for network state changes and dispatches scripts accordingly, typically running scripts with root privileges. The vulnerability arises because there is a window of time between when networkd-dispatcher discovers scripts to execute and when it actually runs them. During this interval, an attacker with limited privileges can replace or modify the scripts that networkd-dispatcher believes to be owned by root with malicious scripts owned by the attacker. This race condition (CWE-367) can lead to privilege escalation, allowing an attacker with low privileges to execute arbitrary code with elevated (root) privileges. The CVSS 3.1 base score is 4.7, reflecting a medium severity with the vector AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating local attack vector, high attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality impact, high integrity impact, and no availability impact. No known exploits are reported in the wild, and no patches are linked in the provided data. The affected versions are unspecified, but the vulnerability was published on September 21, 2022. This vulnerability is significant because it can be exploited to gain root-level code execution on affected systems, potentially compromising system integrity and control over network-related operations.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running networkd-dispatcher, which is commonly found in Linux distributions used in servers, desktops, and network infrastructure. Successful exploitation could allow attackers with limited local access to escalate privileges to root, leading to unauthorized control over critical network configuration and services. This could result in manipulation or disruption of network connectivity, interception or redirection of network traffic, and installation of persistent malware. Organizations in sectors with high reliance on Linux-based infrastructure, such as telecommunications, finance, government, and critical infrastructure, could face operational disruptions and data integrity issues. Although the attack requires local access and has high attack complexity, insider threats or attackers who have gained initial footholds could leverage this vulnerability to deepen their control. The lack of confidentiality impact reduces the risk of direct data leakage, but the high integrity impact means attackers can alter system behavior and configurations, potentially undermining trust in network operations and security monitoring.

Mitigation Recommendations

To mitigate CVE-2022-29800, European organizations should: 1) Identify and inventory all systems running networkd-dispatcher and verify their versions. 2) Monitor vendor and distribution security advisories for patches or updates addressing this vulnerability and apply them promptly once available. 3) Restrict local access to systems running networkd-dispatcher to trusted users only, minimizing the risk of local exploitation. 4) Implement strict file system permissions and integrity monitoring on directories and scripts used by networkd-dispatcher to detect unauthorized modifications or replacements. 5) Employ mandatory access controls (e.g., SELinux, AppArmor) to limit the ability of low-privileged users to modify scripts or escalate privileges. 6) Use system auditing and logging to detect suspicious activities related to script execution and privilege escalations. 7) Consider network segmentation and isolation for critical systems to reduce the attack surface. 8) Educate system administrators and users about the risks of local privilege escalation vulnerabilities and the importance of maintaining system hygiene.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
fedora
Date Reserved
2022-04-25T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68371692182aa0cae24f0c44

Added to database: 5/28/2025, 1:58:42 PM

Last enriched: 7/7/2025, 9:13:28 AM

Last updated: 8/17/2025, 2:11:15 PM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats