PackageKit
Improper authorization in PackageKit up to 1.3.5 allows a low-privileged authenticated remote attacker to bypass access controls via manipulation of the frontend-socket argument in the g_file_test function within pk-transaction.c, resulting in unauthorized confidentiality exposure (C:L). The vulnerability is tagged as an authentication bypass and publicly available exploit code exists, disclosed via GitHub issue #969 against the PackageKit project. No CISA KEV listing is present, but the combination of a publicly known proof-of-concept and low attack complexity (AC:L) elevates practical risk beyond what the base CVSS score of 4.3 alone suggests.
Local privilege escalation in PackageKit 1.0.2-1.3.4 allows unprivileged Linux users to install arbitrary RPM packages as root without authentication via a TOCTOU race condition on transaction flags. The vulnerability exploits three synchronized bugs in the transaction state machine: unconditional flag overwrite, silent state-transition rejection that leaves corrupted flags, and late flag validation at dispatch time. Actively exploited in targeted attacks according to the vendor advisory. The CVSS score of 8.8 with scope change reflects full system compromise from a low-privileged account. Patched in version 1.3.5.
A use-after-free flaw was found in PackageKitd. It is rated low severity (CVSS 3.3) and has low attack complexity. This use-after-free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.