CVE-2022-29800
published 2022-09-21CVE-2022-29800: A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between…
PriorityP429medium4.7CVSS 3.1
AVLACHPRLUINSUCNIHAN
EPSS
6.41%
92.8th percentile
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | networkd-dispatcher | < networkd-dispatcher 2.2.3-1 (bookworm) | networkd-dispatcher 2.2.3-1 (bookworm) |
CVSS provenance
nvdv3.14.7MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
osv5.5MEDIUM
vendor_ubuntu5.5MEDIUM
vendor_debian4.7LOW
vendor_redhat4.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
networkd-dispatcher regression
vendor_ubuntu·2022-05-04·CVSS 5.5
[MEDIUM] networkd-dispatcher regression
Title: networkd-dispatcher regression
Summary: USN-5395-1 introduced a regression in networkd-dispatcher.
USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
networkd-dispatcher vulnerabilities
vendor_ubuntu·2022-04-28·CVSS 5.5
CVE-2022-29799 [MEDIUM] networkd-dispatcher vulnerabilities
Title: networkd-dispatcher vulnerabilities
Summary: Several security issues were fixed in networkd-dispatcher.
It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
networkd-dispatcher: Time-of-check-time-of-use (TOCTOU) race condition
vendor_redhat·2022-04-27·CVSS 4.7
CVE-2022-29800 [MEDIUM] CWE-367 networkd-dispatcher: Time-of-check-time-of-use (TOCTOU) race condition
networkd-dispatcher: Time-of-check-time-of-use (TOCTOU) race condition
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a specific time between discovering and running the script. This flaw allows an attacker to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.
Statement: This issue does not affect Red Hat Enterprise Linux
Debian
CVE-2022-29800: networkd-dispatcher - A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in n...
vendor_debian·2022·CVSS 4.7
CVE-2022-29800 [MEDIUM] CVE-2022-29800: networkd-dispatcher - A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in n...
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.
Scope: local
bookworm: resolved (fixed in 2.2.3-1)
bullseye: open
forky: resolved (fixed in 2.2.3-1)
sid: resolved (fixed in 2.2.3-1)
trixie: resolved (fixed in 2.2.3-1)
GHSA
GHSA-37cj-9g83-7692: A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher
ghsa_unreviewed·2022-09-22
CVE-2022-29800 [MEDIUM] CWE-367 GHSA-37cj-9g83-7692: A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.
OSV
CVE-2022-29800: A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher
osv·2022-09-21·CVSS 4.7
CVE-2022-29800 [MEDIUM] CVE-2022-29800: A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.
OSV
networkd-dispatcher regression
osv·2022-05-04·CVSS 5.5
CVE-2022-29799 [MEDIUM] networkd-dispatcher regression
networkd-dispatcher regression
USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)
OSV
networkd-dispatcher vulnerabilities
osv·2022-04-28·CVSS 5.5
CVE-2022-29799 [MEDIUM] networkd-dispatcher vulnerabilities
networkd-dispatcher vulnerabilities
It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)
No detection rules found.
No public exploits indexed.
Elastic
Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation — Elastic Security Labs
blogs_elastic·2022-06-02·CVSS 5.5
[MEDIUM] Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation — Elastic Security Labs
## Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation
Microsoft 365 Defender team released a post detailing several identified vulnerabilities. These vulnerabilities allow adversarial groups to escalate privileges on Linux systems, allowing for deployment of payloads, ransomware, or other attacks.
## Summary
The Microsoft 365 Defender team released a post detailing several identified vulnerabilities. These vulnerabilities allow adversarial groups to easily escalate privileges on Linux systems, allowing for deployment of payloads, ransomware, or other malicious actions. Collectively known as Nimbuspwn, these vulnerabilities include a series of security issues within networkd-dispatcher, specifically directory traversal, symlink race, and TOCTU race conditions
Elastic
Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation — Elastic Security Labs
blogs_elastic·2022-06-02·CVSS 5.5
[MEDIUM] Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation — Elastic Security Labs
2 June 2022•Jake King
# Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation
Microsoft 365 Defender team released a post detailing several identified vulnerabilities. These vulnerabilities allow adversarial groups to escalate privileges on Linux systems, allowing for deployment of payloads, ransomware, or other attacks.
2 min readDetection Engineering, Enablement
## Summary
The Microsoft 365 Defender team released a post detailing several identified vulnerabilities. These vulnerabilities allow adversarial groups to easily escalate privileges on Linux systems, allowing for deployment of payloads, ransomware, or other malicious actions. Collectively known as Nimbuspwn, these vulnerabilities include a series of security issues within networkd-dispatcher, specif
Checkpoint
2nd May – Threat Intelligence Report
blogs_checkpoint·2022-05-02·CVSS 9.8
CVE-2022-22954 [CRITICAL] 2nd May – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 2nd May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 2nd May, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
North Korean government connected group initiated in March 2022 a spear-phishing campaign against journalists who specialize in the North Korea coverage. The group used Goldbackdoor malware that is linked to malware families that are attributed to APT37.
Threat actor affiliated with a Chinese government targeted Russian officials
2022-09-21
Published