CVE-2022-29800: 
Linux Debian vulnerability analysis and mitigation

A set of two privilege escalation vulnerabilities were discovered in the networkd-dispatcher daemon on Linux systems, identified as CVE-2022-29799 and CVE-2022-29800. The networkd-dispatcher is a daemon program for the network manager system service designed to dispatch network status changes. These vulnerabilities were discovered by Microsoft's 365 Defender Research Team and disclosed in April 2022 (Hacker News, Help Net Security).

The vulnerabilities consist of a directory traversal bug (CVE-2022-29799) and a time-of-check-time-of-use (TOCTOU) race condition (CVE-2022-29800). The TOCTOU flaw exists in networkd-dispatcher and could allow an attacker to replace scripts that networkd-dispatcher believes to be owned by root with malicious ones. When combined with a symlink race condition, these vulnerabilities create a path for privilege escalation. Researchers demonstrated successful exploitation of the TOCTOU race condition in just three attempts (Help Net Security).

The vulnerabilities can be chained together to gain root privileges on Linux systems, enabling attackers to deploy payloads such as root backdoors and perform arbitrary root code execution. This access could be weaponized to deploy more sophisticated threats, including ransomware. The flaws affect several Linux distributions, including Linux Mint and Ubuntu-based systems where networkd-dispatcher is installed (Hacker News).

The vulnerabilities have been fixed by Clayton Craft, the maintainer of networkd-dispatcher. Users are strongly recommended to update their instances to the latest version. Ubuntu has released security updates for affected versions: Ubuntu 22.04 (2.1-2ubuntu0.22.04.1), Ubuntu 21.10 (2.1-2ubuntu0.21.10.1), Ubuntu 20.04 (2.1-2~ubuntu20.04.2), and Ubuntu 18.04 (1.7-0ubuntu3.4) (Ubuntu Security).