Critical Denial of Service Vulnerability in Kea DHCP Affects Ubuntu Systems
Severity: High (Score: 60.6)
Sources: Linuxsecurity, Ubuntu
Keywords: ubuntu, dhcp, vulnerability, issue, crafted, messages, important
Summary
A vulnerability in Kea DHCP, discovered by Ali Norouzi, allows remote attackers to crash the service by sending specially crafted messages over API sockets and HA listeners. This flaw affects Ubuntu 25.10 and 24.04 LTS, leading to a denial of service. The issue is mitigated by updating to specific package versions, and users are advised to restart their Kea DHCP server instances after applying the updates. The vulnerability is documented under Ubuntu Security Notice USN-8403-1. No CVE has been assigned yet, but the issue poses a significant risk to systems running affected versions. The problem was disclosed on June 8, 2026.

Key Points:
- The Kea DHCP vulnerability allows remote denial of service attacks on affected Ubuntu systems.
- The flaw affects Ubuntu 25.10 and 24.04 LTS, requiring urgent updates.
- Users must restart Kea DHCP server instances after updating to ensure the fix takes effect.
Detailed Analysis
**Impact**

Ubuntu 25.10 and 24.04 LTS users running Kea DHCP server instances are affected by a denial of service vulnerability. This impacts organizations relying on these Ubuntu releases for DHCP services, potentially disrupting network operations. The vulnerability can cause DHCP server crashes, leading to service outages in any sector using affected Ubuntu systems. No data breach or data loss is reported.

**Technical Details**

The vulnerability arises from improper handling of maliciously crafted messages sent over configured API sockets and HA listeners in Kea DHCP. A remote attacker can exploit this flaw to crash the DHCP service, resulting in denial of service. No CVE identifier and no malware or tool names are provided. The impact is confined to availability. No indicators of compromise (IOCs) are mentioned.

**Recommended Response**

Apply the updated Kea DHCP packages immediately: version 2.6.3-2ubuntu0.1 for Ubuntu 25.10 and version 2.4.1-3ubuntu0.2 for Ubuntu 24.04 LTS. After patching, restart all Kea DHCP server instances so the changes take effect. Monitor DHCP service stability and network availability for signs of exploitation. No additional detection or blocking indicators are provided.
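The recommended response above, as an added example that is not part of the advisory or of the Kea project: a POSIX shell script that compares the Kea package versions installed on an Ubuntu host with the fixed versions named in USN-8403-1 and restarts the Kea units after an upgrade. The fixed versions come from the advisory; the package and unit names (kea-dhcp4-server, kea-dhcp6-server, kea-ctrl-agent, kea-dhcp-ddns-server) are assumed from Ubuntu's Kea packaging and are not listed on this page.

```shell
#!/bin/sh
# Added example, not from the advisory or the Kea project.
# Checks installed Kea packages against the fixed versions in USN-8403-1 and
# restarts the Kea services after an upgrade.
# Assumption: package/unit names follow Debian/Ubuntu Kea packaging.
set -u

# Fixed versions named in USN-8403-1, keyed by Ubuntu release (VERSION_ID).
fixed_kea_version() {
    case "$1" in
        25.10) echo "2.6.3-2ubuntu0.1" ;;
        24.04) echo "2.4.1-3ubuntu0.2" ;;
        *) return 1 ;;    # release not covered by this notice
    esac
}

# True when version $1 sorts strictly before version $2.
# Uses dpkg's own comparison (Debian version semantics) when present,
# otherwise falls back to sort -V.
version_lt() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# True when installed version $1 on Ubuntu release $2 is older than the fix.
# An uncovered release yields false (nothing to compare against).
kea_needs_update() {
    fixed=$(fixed_kea_version "$2") || return 1
    version_lt "$1" "$fixed"
}

# Compare every installed Kea package on this host with the fixed version.
# Returns 1 if any installed package is still vulnerable, 0 otherwise.
check_host() {
    release=$(. /etc/os-release 2>/dev/null && echo "$VERSION_ID")
    fixed=$(fixed_kea_version "$release") || {
        echo "release '$release' is not covered by USN-8403-1"
        return 0
    }
    rc=0
    for pkg in kea-dhcp4-server kea-dhcp6-server kea-ctrl-agent kea-dhcp-ddns-server; do
        installed=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || continue
        [ -n "$installed" ] || continue        # known to dpkg but not installed
        if version_lt "$installed" "$fixed"; then
            echo "VULNERABLE: $pkg $installed (fixed in $fixed)"
            rc=1
        else
            echo "ok: $pkg $installed"
        fi
    done
    return $rc
}

# Restart only the Kea units that are actually running (the advisory's
# post-update step); run this after "apt update && apt upgrade".
restart_kea() {
    for unit in kea-dhcp4-server kea-dhcp6-server kea-ctrl-agent kea-dhcp-ddns-server; do
        if systemctl is-active --quiet "$unit"; then
            systemctl restart "$unit" && echo "restarted $unit"
        fi
    done
}

# Stand-alone use on a Debian-family host: report status and exit non-zero
# when an update is still needed.
if command -v dpkg-query >/dev/null 2>&1; then
    check_host
fi
```

Run the script before and after `apt upgrade`; once `check_host` reports every installed package as `ok`, call `restart_kea` (as root) so the running daemons pick up the patched binaries. Hosts whose VERSION_ID is not 25.10 or 24.04 are reported as not covered rather than as safe, since the notice only names those two releases.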
Source articles (2)
- USN-8403-1: Kea DHCP vulnerability — Ubuntu · 2026-06-08
  Ali Norouzi discovered that Kea DHCP did not properly handle maliciously crafted messages over configured API sockets and HA listeners. A remote attacker could possibly use this issue to cause Kea DHC…
- Ubuntu 25.10 Kea DHCP Important Denial of Service Vulnerability USN-8403 — Linuxsecurity · 2026-06-08
  A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 25.10, Ubuntu 24.04 LTS. Summary: Kea DHCP could be made to crash if it received specially crafted messages. Software De…
Timeline
- 2026-06-08 — Kea DHCP vulnerability disclosed: Ali Norouzi reported a flaw in Kea DHCP that allows remote denial of service attacks via crafted messages.
- 2026-06-08 — Ubuntu Security Notice USN-8403-1 issued: Ubuntu released an advisory detailing the Kea DHCP vulnerability and recommended updates for affected versions.
Related entities
- DDoS (Attack Type)
- Denial of Service (Attack Type)
- CWE-400 - Uncontrolled Resource Consumption (CWE)
- Kea DHCP (Platform)
- Ubuntu Pro (Platform)
- Ubuntu (Company)
- Kea DHCP Vulnerability (Vulnerability)