What is the CVSS score of CVE-2024-0217?

CVE-2024-0217 has a CVSS 3.1 base score of 3.3 (Low). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of Enterprise Linux are affected by CVE-2024-0217?

CVE-2024-0217 is a low-severity vulnerability in A use-after-free flaw (CVSS 3.3).. A patch is available.

How to fix or mitigate CVE-2024-0217?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

Enterprise Linux CVE-2024-0217

LOW

Use After Free (CWE-416)

2024-01-03 secalert@redhat.com

Information Disclosure Use After Free Memory Corruption Enterprise Linux Fedora Packagekit

3.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:33 vuln.today

Patch released

Mar 28, 2026 - 19:33 nvd

Patch available

CVE Published

Jan 03, 2024 - 17:15 nvd

LOW 3.3

DescriptionNVD

A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.

AnalysisAI

A use-after-free flaw was found in PackageKitd. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. Affected products include: Packagekit Project Packagekit, Redhat Enterprise Linux, Fedoraproject Fedora.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

CVE-2024-0217 vulnerability details – vuln.today

Back

Enterprise Linux CVE-2024-0217

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code