Vulnerability Description
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PackageKit Project | PackageKit | < 1.2.7 |
| Red Hat | Enterprise Linux | 8.0 |
| Fedora Project | Fedora | 39 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2024-0217 (Mitigation, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2256624 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161 (Patch)
FAQ
What is CVE-2024-0217?
CVE-2024-0217 is a vulnerability with a CVSS score of 3.3 (LOW). A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions th...
How severe is CVE-2024-0217?
CVE-2024-0217 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-0217?
Check the references section above for vendor advisories and patch information. Affected products include: PackageKit Project PackageKit, Red Hat Enterprise Linux, Fedora Project Fedora.