
Local vulnerabilities in Kea DHCP

Thursday May 29, 2025, 07:07 PM, from LWN.net
The SUSE Security Team has published a detailed report about security
vulnerabilities it discovered in the Kea DHCP server suite from the
Internet Systems Consortium (ISC).

Since SUSE is also going to ship Kea DHCP in its products, we
performed a routine review of its code base. Even before checking the
network security of Kea, we stumbled over a range of local security
issues, among them a local root exploit which is possible in many
default installations of Kea on Linux and BSD distributions.

This report is based on Kea release 2.6.1. Any source code
references in this report relate to this version. Many systems still
ship older releases of Kea, but we believe they are all affected as
well by the issues described in this report.

The report details seven security issues, including
local-privilege-escalation and arbitrary file overwrite
vulnerabilities. Security fixes for the vulnerabilities have been
published in all of the currently supported release series of Kea:
2.4.2, 2.6.3, and the 2.7.9 development release, all released on
May 28. Kea has assigned CVE-2025-32801, CVE-2025-32802, and
CVE-2025-32803 to the vulnerabilities. Note that some of the CVEs
cover multiple security flaws.
https://lwn.net/Articles/1023093/
