networkd-dispatcher regression

2022-05-0400:00:00

ubuntu.com

ubuntu 22.04 lts

ubuntu 21.10

ubuntu 20.04 lts

ubuntu 18.04 esm

networkd-dispatcher

systemd-networkd

vulnerability

regression fix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

25.9%

JSON

Releases

Ubuntu 22.04 LTS
Ubuntu 21.10
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM

Packages

networkd-dispatcher - Dispatcher service for systemd-networkd connection status changes

Details

USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchnetworkd-dispatcher< 2.1-2ubuntu0.22.04.2UNKNOWN
Ubuntu21.10noarchnetworkd-dispatcher< 2.1-2ubuntu0.21.10.2UNKNOWN
Ubuntu20.04noarchnetworkd-dispatcher< 2.1-2~ubuntu20.04.3UNKNOWN
Ubuntu18.04noarchnetworkd-dispatcher< 1.7-0ubuntu3.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	22.04	noarch	networkd-dispatcher	< 2.1-2ubuntu0.22.04.2	UNKNOWN
Ubuntu	21.10	noarch	networkd-dispatcher	< 2.1-2ubuntu0.21.10.2	UNKNOWN
Ubuntu	20.04	noarch	networkd-dispatcher	< 2.1-2~ubuntu20.04.3	UNKNOWN
Ubuntu	18.04	noarch	networkd-dispatcher	< 1.7-0ubuntu3.5	UNKNOWN