Local vulnerabilities in Kea DHCP

The SUSE Security Team has published a detailed

report about security vulnerabilities it discovered in the https://www.isc.org/kea/

(ISC).

Since SUSE is also going to ship Kea DHCP in its products, we

performed a routine review of its code base. Even before checking the

network security of Kea, we stumbled over a range of local security

issues, among them a local root exploit which is possible in many

default installations of Kea on Linux and BSD distributions. [...]

This report is based on Kea release 2.6.1. Any source code

references in this report relate to this version. Many systems still

ship older releases of Kea, but we believe they are all affected as

well by the issues described in this report.

The report details seven security issues including

https://security.opensuse.org/2025/05/28/kea-dhcp-security-issues.html#31-local-privilege-escalation-by-injecting-a-hook-library-via-the-set-config-command-cve-2025-32801

and https://security.opensuse.org/2025/05/28/kea-dhcp-security-issues.html#32-arbitrary-file-overwrite-via-config-write-command-cve-2025-32802

vulnerabilities. Security fixes for the vulnerabilities have been

published in all of the currently supported release series of Kea: https://downloads.isc.org/isc/kea/2.4.2/Kea-2.4.2-ReleaseNotes.txt

,

https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt

,

and the https://downloads.isc.org/isc/kea/2.7.9/Kea-2.7.9-ReleaseNotes.txt

development release were all released on May 28. Kea has assigned https://nvd.nist.gov/vuln/detail/CVE-2025-32801

,

https://nvd.nist.gov/vuln/detail/CVE-2025-32802

,

and https://nvd.nist.gov/vuln/detail/CVE-2025-32803

to the vulnerabilities. Note that some of the CVEs

cover multiple security flaws.

https://lwn.net/Articles/1023093/