CVE-2020-7217: 
Linux openSUSE vulnerability analysis and mitigation

An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id. The vulnerability was discovered in January 2020 and assigned CVE-2020-7217 (MITRE).

The vulnerability exists in the DHCP4 finite state machine processing functionality of the wicked network configuration system. When processing DHCP4 packets with different client IDs, the system fails to properly free the associated lease memory, leading to a memory leak. The issue has a CVSS v3.1 base score of 5.3 (LOW) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (SUSE Security).

The vulnerability can be exploited by network attackers to cause a denial of service condition through memory exhaustion. By sending multiple DHCP4 packets with different client IDs, an attacker can trigger continuous memory leaks that eventually impact system availability (SUSE Bugzilla).

The vulnerability was fixed in wicked version 0.6.60 and later releases. System administrators should update to the patched versions available through their distribution's package management system. For openSUSE Leap 15.1, the fixed package version is wicked-0.6.60-lp151.2.9.1 (OpenSUSE Security).