CVE-2024-0217

Published: 03 Jan 2024
Source: redhat
CVSS3: 3.3
EPSS: Low

Description

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.

Report

The use-after-free flaw in PackageKitd is categorized as a low vulnerability rather than moderate because the conditions required for exploitation are not as immediate or straightforward. While the flaw does pose a security risk by potentially allowing unauthorized memory access, the impact and ease of exploitation are deemed to be lower compared to vulnerabilities labeled as moderate. The low rating suggests that although attention and remediation are necessary, the risk is not as severe or immediately exploitable as higher-rated vulnerabilities.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | PackageKit | Out of support scope | | |
| Red Hat Enterprise Linux 7 | compat-PackageKit08 | Out of support scope | | |
| Red Hat Enterprise Linux 7 | PackageKit | Out of support scope | | |
| Red Hat Enterprise Linux 8 | PackageKit | Fix deferred | | |
| Red Hat Enterprise Linux 9 | PackageKit | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2256624 PackageKitd: Use-After-Free in Idle Function Callback

EPSS

Percentile: 2%
0.00013
Low

CVSS3: 3.3 Low

Related vulnerabilities

CVSS3: 3.3
ubuntu
about 2 years ago

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.

CVSS3: 3.3
nvd
about 2 years ago

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.

CVSS3: 3.3
debian
about 2 years ago

A use-after-free flaw was found in PackageKitd. In some conditions, th ...

suse-cvrf
almost 2 years ago

Security update for PackageKit

suse-cvrf
almost 2 years ago

Security update for PackageKit
