CVE-2024-0217
Packagekitd: use-after-free in idle function callback
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
Se encontró un fallo de use after free en PackageKitd. En algunas condiciones, el orden de los mecanismos de limpieza de una transacción podría verse afectado. Como resultado, podría producirse cierto acceso a la memoria en regiones de memoria que se liberaron previamente. Una vez liberada, una región de memoria se puede reutilizar para otras asignaciones y cualquier dato previamente almacenado en esta región de memoria se considera perdido.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-03 CVE Reserved
- 2024-01-03 CVE Published
- 2024-01-31 EPSS Updated
- 2024-11-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-0217 | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2256624 | 2024-02-02 | |
| https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79 | 2024-02-02 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Packagekit Project Search vendor "Packagekit Project" | Packagekit Search vendor "Packagekit Project" for product "Packagekit" | < 1.2.7 Search vendor "Packagekit Project" for product "Packagekit" and version " < 1.2.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 39 Search vendor "Fedoraproject" for product "Fedora" and version "39" | - |
Affected
| ||||||