Ubuntu.comUB:CVE-2024-0217CVE-2024-0217
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.0%
A use-after-free flaw was found in PackageKitd. In some conditions, the
order of cleanup mechanics for a transaction could be impacted. As a
result, some memory access could occur on memory regions that were
previously freed. Once freed, a memory region can be reused for other
allocations and any previously stored data in this memory region is
considered lost.
Bugs
Notes
| Author | Note |
|---|---|
| Priority reason: Likely only a denial of service issue | |
| mdeslaur | There is no complete fix for this issue, but this commit in 1.2.7 apparently reduces the impact: https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | packagekit | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | packagekit | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | packagekit | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | packagekit | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | packagekit | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | packagekit | < any | UNKNOWN |
Related
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.0%