CVE-2024-0217

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
03/01/2024
Last modified:
02/02/2024

Description

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:packagekit_project:packagekit:*:*:*:*:*:*:*:* 1.2.7 (excluding)
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*