From https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-15688: systemd-networkd is vulnerable to an out out-of-bounds heap write in the DHCPv6 client when handling options sent by network adjacent DHCP servers. A attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution. NetworkManager includes some parts of the systemd-networkd code in its codebase. That can be found at src/systemd/src/libsystemd-networkd. The DHCP implementation provided by systemd-networkd is used when NetworkManager is configured to use the internal implementation, however the default is to use dhclient. When NetworkManager is configured to use the internal dhcp and an interface is setup with ipv6.method=auto (which is the default value) or ipv6.method=dhcp, this flaw can be exploited. When using ipv6.method=auto, the DHCPv6 client can be automatically started with a Router Advertisement packet.
all done here.
