CVE-2022-29800

4.7MEDIUM

Key Information:

Vendor: Microsoft
Status: Networkd-dispatcher
Vendor: CVE Published:; 21 September 2022

Summary

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

Affected Version(s)

networkd-dispatcher uknown

References

https://www.microsoft.com/security/blog/2022/04/26/micros...

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 21, 2022
Vulnerability Reserved
Apr 25, 2022

Collectors

NVD DatabaseMitre Database