Linuxsecurity
SUSE Dracut Vulnerability Allows Root Code Execution via DHCP Injection
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
SUSE has released important updates for dracut addressing CVE-2026-6893, a vulnerability that allows root code execution through DHCP options command injection. This flaw affects SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2, with the potential for significant impact due to improper sanitization of DHCP values in the dhclient-script.sh. The vulnerability was published on June 10, 2026, and has been assigned a CVSS score indicating a medium severity level. Users are advised to apply the patches using SUSE's recommended installation methods. The updates include input validation improvements to mitigate the risk of exploitation. The vulnerability has been confirmed and is categorized as important by SUSE, necessitating prompt action from system administrators.
Key Points: • CVE-2026-6893 allows root code execution via DHCP command injection. • Affected systems include SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2. • Patches are available and should be applied immediately to mitigate risks.