OPENSUSE-SU-2026:21220-1
Vulnerability from csaf_opensuse - Published: 2026-07-02 13:13 - Updated: 2026-07-02 13:13Summary
Security update for dhcpcd
Severity
Moderate
Notes
Title of the patch: Security update for dhcpcd
Description of the patch: This update for dhcpcd fixes the following issue
Update to 10.3.2:
- CVE-2025-70102: NULL pointer dereference in `parse_option()` when processing a specially crafted configuration input
(bsc#1268761).
Changes for dhcpcd:
* options: Ensure ldop is not NULL dereferenced
* DHCP: Don't run double EXPIRE hooks on carrier loss
* DHCP: free the state when dropping on state NONE
* BSD: don't send uninitialised memory using
ps_root_indirectioctl
* Fix fallback_time option
* IPv4: Ignore DHCP state when building routes
* route: Routes may not have an interface assinged
* options: Ensure that an overly long bitflag string does not
crash
* options: Don't assume vsio options have an argument
* common: Cast via uintptr_t rather than unsigned long in UNCONST
* privsep: Ensure we recv for real after a successful recv
MSG_PEEK
* DHCP: Add parentheses to macro definitions
* ipv6nd: empty IPV6RA_EXPIRE eloop queue when dropping
* privsep: enforce message boundaries with MSG_EOR on our
messages
* Protocols will notify when dhcpcd can exit
* DHCP: Don't request T1 and T2
* DHCP: Don't request a lease time
* DHCP6: Don't exit if using DHCP4 INFORM in non manager mode
* ND: Route Information Option prefix is optional
* ipv6: respect slaac hwaddr to really use the hwaddr
* When stopping all interfaces at exit and releasing,
remove persistance
* NetBSD: Delete RTF_CONNECTED route when changing it
* privsep: Drain the log when the root process is exiting
* eloop: vastly reworked, kqueue and epoll support on by default
Patchnames: openSUSE-Leap-16.0-1147
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dhcpcd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dhcpcd fixes the following issue\n\nUpdate to 10.3.2:\n\n- CVE-2025-70102: NULL pointer dereference in `parse_option()` when processing a specially crafted configuration input\n (bsc#1268761).\n\nChanges for dhcpcd:\n\n * options: Ensure ldop is not NULL dereferenced\n * DHCP: Don\u0027t run double EXPIRE hooks on carrier loss\n * DHCP: free the state when dropping on state NONE\n * BSD: don\u0027t send uninitialised memory using\n ps_root_indirectioctl\n * Fix fallback_time option\n * IPv4: Ignore DHCP state when building routes\n * route: Routes may not have an interface assinged\n * options: Ensure that an overly long bitflag string does not\n crash\n * options: Don\u0027t assume vsio options have an argument\n * common: Cast via uintptr_t rather than unsigned long in UNCONST\n * privsep: Ensure we recv for real after a successful recv\n MSG_PEEK\n * DHCP: Add parentheses to macro definitions\n * ipv6nd: empty IPV6RA_EXPIRE eloop queue when dropping\n * privsep: enforce message boundaries with MSG_EOR on our\n messages\n * Protocols will notify when dhcpcd can exit\n * DHCP: Don\u0027t request T1 and T2\n * DHCP: Don\u0027t request a lease time\n * DHCP6: Don\u0027t exit if using DHCP4 INFORM in non manager mode\n * ND: Route Information Option prefix is optional\n * ipv6: respect slaac hwaddr to really use the hwaddr\n * When stopping all interfaces at exit and releasing,\n remove persistance\n * NetBSD: Delete RTF_CONNECTED route when changing it\n * privsep: Drain the log when the root process is exiting\n * eloop: vastly reworked, kqueue and epoll support on by default\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-1147",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_21220-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1268761",
"url": "https://bugzilla.suse.com/1268761"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-70102 page",
"url": "https://www.suse.com/security/cve/CVE-2025-70102/"
}
],
"title": "Security update for dhcpcd",
"tracking": {
"current_release_date": "2026-07-02T13:13:57Z",
"generator": {
"date": "2026-07-02T13:13:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:21220-1",
"initial_release_date": "2026-07-02T13:13:57Z",
"revision_history": [
{
"date": "2026-07-02T13:13:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dhcpcd-10.3.2-160000.1.1.aarch64",
"product": {
"name": "dhcpcd-10.3.2-160000.1.1.aarch64",
"product_id": "dhcpcd-10.3.2-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dhcpcd-10.3.2-160000.1.1.ppc64le",
"product": {
"name": "dhcpcd-10.3.2-160000.1.1.ppc64le",
"product_id": "dhcpcd-10.3.2-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dhcpcd-10.3.2-160000.1.1.x86_64",
"product": {
"name": "dhcpcd-10.3.2-160000.1.1.x86_64",
"product_id": "dhcpcd-10.3.2-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dhcpcd-10.3.2-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.aarch64"
},
"product_reference": "dhcpcd-10.3.2-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dhcpcd-10.3.2-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.ppc64le"
},
"product_reference": "dhcpcd-10.3.2-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dhcpcd-10.3.2-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.x86_64"
},
"product_reference": "dhcpcd-10.3.2-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-70102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-70102"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type \u0027struct dhcp_opt\u0027 when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports \u0027runtime error: member access within null pointer of type struct dhcp_opt\u0027 and aborts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-70102",
"url": "https://www.suse.com/security/cve/CVE-2025-70102"
},
{
"category": "external",
"summary": "SUSE Bug 1268761 for CVE-2025-70102",
"url": "https://bugzilla.suse.com/1268761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:dhcpcd-10.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-02T13:13:57Z",
"details": "moderate"
}
],
"title": "CVE-2025-70102"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…