Ivan Kurnosov

**Name of the Vulnerable Software and Affected Versions** needrestart versions prior to 3.8 **Description** The issue is related to a race condition that allows local attackers to execute arbitrary code as root by tricking needrestart into running a fake Python interpreter. This is achieved by winning a race condition and substituting the system's real Python interpreter with a malicious one. The initial security fix introduced a regression, which was subsequently resolved. **Recommendations** For needrestart versions prior to 3.8, update to version 3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `usr/bin/python` file to prevent substitution with a malicious executable until a patch is applied.