CVE-2024-0217

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
redhatCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
packagekit_projectpackagekit
𝑥
< 1.2.7
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
packagekit
bullseye
ignored
bookworm
no-dsa
buster
no-dsa
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
packagekit
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
mantic
ignored
lunar
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
ignored
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2024-0217
https://bugzilla.redhat.com/show_bug.cgi?id=2256624
https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79
https://access.redhat.com/security/cve/CVE-2024-0217
https://bugzilla.redhat.com/show_bug.cgi?id=2256624
https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79