ubuntucve | Ubuntu.com | UB:CVE-2024-0217
Jan 03, 2024 - 12:00 a.m.

CVE-2024-0217

packagekitd
memory access
denial of service

CVSS3: 3.3

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score: 4
Confidence: High

EPSS: 0.001
Percentile: 32.8%

A use-after-free flaw was found in PackageKitd. In some conditions, the
order of cleanup mechanics for a transaction could be impacted. As a
result, some memory access could occur on memory regions that were
previously freed. Once freed, a memory region can be reused for other
allocations and any previously stored data in this memory region is
considered lost.

Bugs

Notes

Priority reason: Likely only a denial of service issue

Author: mdeslaur
Note: There is no complete fix for this issue, but this commit in 1.2.7 apparently reduces the impact: https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79
