Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a TOCTOU race condition flaw in the networkd-dispatcher daemon in the systed component. By sending a specially-crafted request using a rogue D-Bus service, an authenticated attacker could exploit this vulnerability to execute arbitrary code with root privileges.
Linux Kernel could allow a local authenticated attacker to traverse directories on the system, caused by not sanitize the OperationalState or the AdministrativeState in the networkd-dispatcher daemon in the systemd component. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to write arbitrary files on the system.
Refer to Linux Kernel GIT Repository for the patch, upgrade, or suggested workaround information.