CVE-2022-29800: CWE-367 in networkd-dispatcher
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.
AI Analysis
Technical Summary
CVE-2022-29800 is a medium-severity vulnerability classified as a time-of-check-time-of-use (TOCTOU) race condition found in the networkd-dispatcher component. Networkd-dispatcher is a service that listens for network state changes and dispatches scripts accordingly, typically running scripts with root privileges. The vulnerability arises because there is a window of time between when networkd-dispatcher discovers scripts to execute and when it actually runs them. During this interval, an attacker with limited privileges can replace or modify the scripts that networkd-dispatcher believes to be owned by root with malicious scripts owned by the attacker. This race condition (CWE-367) can lead to privilege escalation, allowing an attacker with low privileges to execute arbitrary code with elevated (root) privileges. The CVSS 3.1 base score is 4.7, reflecting a medium severity with the vector AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating local attack vector, high attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality impact, high integrity impact, and no availability impact. No known exploits are reported in the wild, and no patches are linked in the provided data. The affected versions are unspecified, but the vulnerability was published on September 21, 2022. This vulnerability is significant because it can be exploited to gain root-level code execution on affected systems, potentially compromising system integrity and control over network-related operations.
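The check-then-run window described above closes when the ownership check and the execution are bound to the same open file descriptor instead of to the path. The following is an added example, not code from networkd-dispatcher or from this page; `open_verified`, `run_fd` and `demo` are hypothetical names, the script contents are constructed, and the current uid stands in for root so the demo runs unprivileged.

```python
import os
import stat
import subprocess
import tempfile

def open_verified(path, trusted_uid=0):
    """Open the script, then check ownership on the descriptor (fstat), not the path."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuse a symlinked final component
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != trusted_uid:
            raise PermissionError(f"{path}: owner uid {st.st_uid} is not trusted")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError(f"{path}: writable by group or others")
    except BaseException:
        os.close(fd)
        raise
    return fd

def run_fd(fd, interpreter="/bin/sh"):
    """Run the already-verified inode via /dev/fd/N, so the path is never resolved again."""
    done = subprocess.run([interpreter, f"/dev/fd/{fd}"], pass_fds=(fd,),
                          capture_output=True, text=True, check=True)
    return done.stdout.strip()

def demo():
    """Constructed scenario: the path is swapped between the check and the run."""
    me = os.getuid()  # assumption: stands in for root (uid 0)
    with tempfile.TemporaryDirectory() as d:
        script, other = os.path.join(d, "hook"), os.path.join(d, "other")
        for p, body in ((script, "echo trusted\n"), (other, "echo swapped\n")):
            with open(p, "w") as f:
                f.write(body)
            os.chmod(p, 0o755)
        checked = os.stat(script).st_uid == me      # path-based time of check
        fd = open_verified(script, trusted_uid=me)  # fd-based check pins the inode
        os.replace(other, script)                   # the swap inside the window
        by_path = subprocess.run(["/bin/sh", script], capture_output=True,
                                 text=True).stdout.strip()  # path-based time of use
        try:
            by_fd = run_fd(fd)
        finally:
            os.close(fd)
    return checked, by_path, by_fd

if __name__ == "__main__":
    print(demo())  # (True, 'swapped', 'trusted')
```

The path-based check passes and the swapped file still runs, while the descriptor-based run executes the file that was actually verified.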
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running networkd-dispatcher, which is commonly found in Linux distributions used in servers, desktops, and network infrastructure. Successful exploitation could allow attackers with limited local access to escalate privileges to root, leading to unauthorized control over critical network configuration and services. This could result in manipulation or disruption of network connectivity, interception or redirection of network traffic, and installation of persistent malware. Organizations in sectors with high reliance on Linux-based infrastructure, such as telecommunications, finance, government, and critical infrastructure, could face operational disruptions and data integrity issues. Although the attack requires local access and has high attack complexity, insider threats or attackers who have gained initial footholds could leverage this vulnerability to deepen their control. The lack of confidentiality impact reduces the risk of direct data leakage, but the high integrity impact means attackers can alter system behavior and configurations, potentially undermining trust in network operations and security monitoring.
Mitigation Recommendations
To mitigate CVE-2022-29800, European organizations should:
1) Identify and inventory all systems running networkd-dispatcher and verify their versions.
2) Monitor vendor and distribution security advisories for patches or updates addressing this vulnerability and apply them promptly once available.
3) Restrict local access to systems running networkd-dispatcher to trusted users only, minimizing the risk of local exploitation.
4) Implement strict file system permissions and integrity monitoring on directories and scripts used by networkd-dispatcher to detect unauthorized modifications or replacements.
5) Employ mandatory access controls (e.g., SELinux, AppArmor) to limit the ability of low-privileged users to modify scripts or escalate privileges.
6) Use system auditing and logging to detect suspicious activities related to script execution and privilege escalations.
7) Consider network segmentation and isolation for critical systems to reduce the attack surface.
8) Educate system administrators and users about the risks of local privilege escalation vulnerabilities and the importance of maintaining system hygiene.
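The file-permission check in recommendation 4 can be spot-checked with a small audit of a script tree. This is an added example, not code from networkd-dispatcher or from this page; `audit_script_tree` and `audit_sample_tree` are hypothetical names, the directory and file names are constructed, and `trusted_uid` defaults to 0 (root).

```python
import os
import stat
import tempfile


def audit_script_tree(root, trusted_uid=0):
    """Return sorted (relative path, problem) pairs for entries other users could swap or edit."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat inspects a link itself, never its target
        rel = os.path.relpath(path, root)
        if stat.S_ISLNK(st.st_mode):
            findings.append((rel, "symlink"))
            return
        if st.st_uid != trusted_uid:
            findings.append((rel, f"owner uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # On a directory this lets other users create entries
            # (and, without the sticky bit, replace existing ones).
            findings.append((rel, "group/other writable"))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


def audit_sample_tree(trusted_uid=None):
    """Build a constructed tree (hypothetical names) and audit it."""
    # Assumption: the current uid stands in for root so this runs unprivileged.
    uid = os.getuid() if trusted_uid is None else trusted_uid
    with tempfile.TemporaryDirectory() as root:
        for sub, mode in (("up.d", 0o755), ("down.d", 0o777)):
            os.mkdir(os.path.join(root, sub))
            os.chmod(os.path.join(root, sub), mode)
        for rel, mode in (("up.d/10-ok", 0o755), ("up.d/20-loose", 0o775)):
            with open(os.path.join(root, rel), "w") as f:
                f.write("#!/bin/sh\n")
            os.chmod(os.path.join(root, rel), mode)
        os.symlink("../up.d/10-ok", os.path.join(root, "down.d", "30-link"))
        return audit_script_tree(root, trusted_uid=uid)
```

On a real host, call `audit_script_tree` on the script directories your distribution's package uses and alert on any non-empty result.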
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: fedora
- Date Reserved: 2022-04-25T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68371692182aa0cae24f0c44
Added to database: 5/28/2025, 1:58:42 PM
Last enriched: 7/7/2025, 9:13:28 AM
Last updated: 8/17/2025, 2:11:15 PM