CVE-2024-0217

EUVD-2024-16016
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
packagekit_projectpackagekit
𝑥
< 1.2.7
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
packagekit
bookworm
no-dsa
bullseye
ignored
buster
no-dsa
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
packagekit
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
lunar
ignored
mantic
ignored
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
trusty
ignored
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
PackageKit
suse enterprise desktop 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise sap 12 SP5
1.1.3-24.18.1
fixed
suse enterprise sap 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise server 12 SP3
1.1.3-24.18.1
fixed
suse enterprise server 12 SP5
1.1.3-24.18.1
fixed
suse enterprise server 15 SP2
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP3
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP4
1.2.4-150400.3.13.1
fixed
suse enterprise server 15 SP5
1.2.4-150400.3.13.1
fixed
PackageKit-backend-zypp
suse enterprise desktop 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise sap 12 SP5
1.1.3-24.18.1
fixed
suse enterprise sap 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise server 12 SP3
1.1.3-24.18.1
fixed
suse enterprise server 12 SP5
1.1.3-24.18.1
fixed
suse enterprise server 15 SP2
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP3
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP4
1.2.4-150400.3.13.1
fixed
suse enterprise server 15 SP5
1.2.4-150400.3.13.1
fixed
PackageKit-branding-SLE
suse enterprise server 15 SP2
12.0-150200.9.2.2
fixed
suse enterprise server 15 SP3
12.0-150200.9.2.2
fixed
PackageKit-devel
suse enterprise desktop 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise sap 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise server 15 SP2
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP3
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP4
1.2.4-150400.3.13.1
fixed
suse enterprise server 15 SP5
1.2.4-150400.3.13.1
fixed
PackageKit-gstreamer-plugin
suse enterprise desktop 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise sap 12 SP5
1.1.3-24.18.1
fixed
suse enterprise sap 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise server 12 SP5
1.1.3-24.18.1
fixed
suse enterprise server 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise workstation 12 SP5
1.1.3-24.18.1
fixed
suse enterprise workstation 15 SP5
1.2.4-150400.3.13.1
fixed
PackageKit-gtk3-module
suse enterprise desktop 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise sap 12 SP5
1.1.3-24.18.1
fixed
suse enterprise sap 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise server 12 SP5
1.1.3-24.18.1
fixed
suse enterprise server 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise workstation 12 SP5
1.1.3-24.18.1
fixed
suse enterprise workstation 15 SP5
1.2.4-150400.3.13.1
fixed
PackageKit-lang
suse enterprise desktop 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise sap 12 SP5
1.1.3-24.18.1
fixed
suse enterprise sap 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise server 12 SP3
1.1.3-24.18.1
fixed
suse enterprise server 12 SP5
1.1.3-24.18.1
fixed
suse enterprise server 15 SP2
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP3
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP4
1.2.4-150400.3.13.1
fixed
suse enterprise server 15 SP5
1.2.4-150400.3.13.1
fixed
libpackagekit-glib2-18
suse enterprise desktop 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise sap 12 SP5
1.1.3-24.18.1
fixed
suse enterprise sap 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise server 12 SP3
1.1.3-24.18.1
fixed
suse enterprise server 12 SP5
1.1.3-24.18.1
fixed
suse enterprise server 15 SP2
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP3
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP4
1.2.4-150400.3.13.1
fixed
suse enterprise server 15 SP5
1.2.4-150400.3.13.1
fixed
libpackagekit-glib2-devel
suse enterprise desktop 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise sap 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise server 15 SP2
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP3
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP4
1.2.4-150400.3.13.1
fixed
suse enterprise server 15 SP5
1.2.4-150400.3.13.1
fixed
libyui-devel
suse enterprise server 15 SP2
3.9.3-150200.3.2.6
fixed
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-ncurses-devel
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-ncurses-pkg-devel
suse enterprise server 15 SP2
2.50.8-150200.3.5.5
fixed
suse enterprise server 15 SP3
4.1.5-150300.3.10.19
fixed
libyui-ncurses-pkg11
suse enterprise server 15 SP2
2.50.8-150200.3.5.5
fixed
libyui-ncurses-pkg15
suse enterprise server 15 SP3
4.1.5-150300.3.10.19
fixed
libyui-ncurses-rest-api-devel
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-ncurses-rest-api15
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-ncurses-tools
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-ncurses15
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-qt-devel
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-qt-graph-devel
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-qt-graph15
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-qt-pkg-devel
suse enterprise server 15 SP2
2.47.5-150200.3.4.4
fixed
suse enterprise server 15 SP3
4.1.5-150300.3.10.17
fixed
libyui-qt-pkg11
suse enterprise server 15 SP2
2.47.5-150200.3.4.4
fixed
libyui-qt-pkg15
suse enterprise server 15 SP3
4.1.5-150300.3.10.17
fixed
libyui-qt-rest-api-devel
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-qt-rest-api15
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-qt15
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-rest-api-devel
suse enterprise server 15 SP2
0.3.0-150200.3.2.2
fixed
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui-rest-api11
suse enterprise server 15 SP2
0.3.0-150200.3.2.2
fixed
libyui-rest-api15
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libyui11
suse enterprise server 15 SP2
3.9.3-150200.3.2.6
fixed
libyui15
suse enterprise server 15 SP3
4.1.5-150300.3.10.5
fixed
libzypp
suse enterprise server 15 SP2
17.32.2-150200.92.3
fixed
suse enterprise server 15 SP3
17.32.2-150200.92.3
fixed
libzypp-devel
suse enterprise server 15 SP2
17.32.2-150200.92.3
fixed
suse enterprise server 15 SP3
17.32.2-150200.92.3
fixed
typelib-1_0-PackageKitGlib-1_0
suse enterprise desktop 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise sap 12 SP5
1.1.3-24.18.1
fixed
suse enterprise sap 15 SP5
1.2.4-150400.3.13.1
fixed
suse enterprise server 12 SP3
1.1.3-24.18.1
fixed
suse enterprise server 12 SP5
1.1.3-24.18.1
fixed
suse enterprise server 15 SP2
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP3
1.1.13-150200.4.30.4
fixed
suse enterprise server 15 SP4
1.2.4-150400.3.13.1
fixed
suse enterprise server 15 SP5
1.2.4-150400.3.13.1
fixed
yast2-pkg-bindings
suse enterprise server 15 SP2
4.2.17-150200.3.24.6
fixed
suse enterprise server 15 SP3
4.3.13-150300.3.8.21
fixed
zypper
suse enterprise server 15 SP2
1.14.69-150200.73.7
fixed
suse enterprise server 15 SP3
1.14.69-150200.73.7
fixed
zypper-log
suse enterprise server 15 SP2
1.14.69-150200.73.7
fixed
suse enterprise server 15 SP3
1.14.69-150200.73.7
fixed
zypper-needs-restarting
suse enterprise server 15 SP2
1.14.69-150200.73.7
fixed
suse enterprise server 15 SP3
1.14.69-150200.73.7
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2024-0217
https://bugzilla.redhat.com/show_bug.cgi?id=2256624
https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79
https://access.redhat.com/security/cve/CVE-2024-0217
https://bugzilla.redhat.com/show_bug.cgi?id=2256624
https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79