{"id":"CVE-2024-0217","details":"A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.","modified":"2026-04-12T08:35:12.072710Z","published":"2024-01-03T17:15:12.110Z","related":["SUSE-RU-2024:1202-1","SUSE-SU-2024:0966-1","SUSE-SU-2024:1046-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-0217"},{"type":"FIX","url":"https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2256624"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hughsie/packagekit","events":[{"introduced":"0"},{"fixed":"9915e1b611e6d662f67e6c1dcd4e7fda5c31cba8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.7"}]}},{"type":"GIT","repo":"https://github.com/packagekit/packagekit","events":[{"introduced":"0"},{"fixed":"64278c9127e3333342b56ead99556161f7e86f79"}]}],"versions":["PACKAGEKIT_0_1_0","PACKAGEKIT_0_1_1","PACKAGEKIT_0_1_2","PACKAGEKIT_0_1_4","PACKAGEKIT_0_1_6","PACKAGEKIT_0_1_9","PACKAGEKIT_0_3_11","PACKAGEKIT_0_3_2","PACKAGEKIT_0_3_3","PACKAGEKIT_0_3_5","PACKAGEKIT_0_4_0","PACKAGEKIT_0_4_2","PACKAGEKIT_0_4_3","PACKAGEKIT_0_4_6","PACKAGEKIT_0_4_7","PACKAGEKIT_0_5_3","PACKAGEKIT_0_5_5","PACKAGEKIT_0_6_1","PACKAGEKIT_0_6_11","PACKAGEKIT_0_6_13","PACKAGEKIT_0_6_15","PACKAGEKIT_0_6_16","PACKAGEKIT_0_6_3","PACKAGEKIT_0_6_4","PACKAGEKIT_0_6_5","PACKAGEKIT_0_6_6","PACKAGEKIT_0_6_7","PACKAGEKIT_0_6_8","PACKAGEKIT_0_7_0","PACKAGEKIT_0_7_2","PACKAGEKIT_0_7_3","PACKAGEKIT_0_7_4","PACKAGEKIT_0_8_1","PACKAGEKIT_0_8_10","PACKAGEKIT_0_8_11","PACKAGEKIT_0_8_12","PACKAGEKIT_0_8_13","PACKAGEKIT_0_8_14","PACKAGEKIT_0_8_2","PACKAGEKIT_0_8_3","PACKAGEKIT_0_8_4","PACKAGEKIT_0_8_5","PACKAGEKIT_0_8_6","PACKAGEKIT_0_8_7","PACKAGEKIT_0_8_8","PACKAGEKIT_0_8_9","PACKAGEKIT_0_9_1","PACKAGEKIT_0_9_2","PACKAGEKIT_0_9_3","PACKAGEKIT_0_9_4","PACKAGEKIT_0_9_5","PACKAGEKIT_1_0_0","PACKAGEKIT_1_0_1","PACKAGEKIT_1_0_10","PACKAGEKIT_1_0_11","PACKAGEKIT_1_0_2","PACKAGEKIT_1_0_3","PACKAGEKIT_1_0_4","PACKAGEKIT_1_0_5","PACKAGEKIT_1_0_6","PACKAGEKIT_1_0_7","PACKAGEKIT_1_0_8","PACKAGEKIT_1_0_9","PACKAGEKIT_1_1_0","PACKAGEKIT_1_1_1","PACKAGEKIT_1_1_10","PACKAGEKIT_1_1_11","PACKAGEKIT_1_1_12","PACKAGEKIT_1_1_13","PACKAGEKIT_1_1_2","PACKAGEKIT_1_1_3","PACKAGEKIT_1_1_5","PACKAGEKIT_1_1_6","PACKAGEKIT_1_1_7","PACKAGEKIT_1_1_8","PACKAGEKIT_1_1_9","PACKAGEKIT_1_2_0","PACKAGEKIT_1_2_1","PACKAGEKIT_1_2_2","PACKAGEKIT_1_2_3","PACKAGEKIT_1_2_4","PACKAGEKIT_1_2_5","v1.2.6"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","deprecated":false,"signature_version":"v1","digest":{"line_hashes":["69110401875055153638018526870323614788","104936221520995987981509473286540388469","284850847472260449698388863213100776869","33786011828446133669880393923746326194","111480205983780487965060550645008160044","316624392811831117073588737815180568666","13349957417997647440873044018551392340","252578080632256012307756048094668849918"],"threshold":0.9},"source":"https://github.com/packagekit/packagekit/commit/64278c9127e3333342b56ead99556161f7e86f79","id":"CVE-2024-0217-8195f6c2","target":{"file":"src/pk-transaction.c"}},{"signature_type":"Function","deprecated":false,"signature_version":"v1","digest":{"length":362,"function_hash":"416716534804417372517382757260205436"},"source":"https://github.com/packagekit/packagekit/commit/64278c9127e3333342b56ead99556161f7e86f79","id":"CVE-2024-0217-f826b9d0","target":{"function":"pk_transaction_finished_emit","file":"src/pk-transaction.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0217.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]}],"vanir_signatures_modified":"2026-04-12T08:35:12Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}