Upstream information

CVE-2022-29800 at MITRE

Description

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v3 Scores
  CNA (CISA-ADP) National Vulnerability Database
Base Score 4.7 4.7
Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector Local Local
Attack Complexity High High
Privileges Required Low Low
User Interaction None None
Scope Unchanged Unchanged
Confidentiality Impact None None
Integrity Impact High High
Availability Impact None None
CVSSv3 Version 3.1 3.1
SUSE Bugzilla entry: 1198938 [RESOLVED / INVALID]

SUSE Security Advisories:


SUSE Timeline for this CVE

CVE page created: Wed Apr 27 15:30:35 2022
CVE page last modified: Mon Jun 30 16:43:14 2025