Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities found for PackageKit by PackageKit

    CVE-2026-41651 (GCVE-0-2026-41651)

    Vulnerability from nvd – Published: 2026-04-22 13:11 – Updated: 2026-06-30 12:08
    VLAI
    Title
    PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
    Summary
    PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5. A local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction->cached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`: 1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction->cached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING. 2. Silent state-transition rejection (lines 873–882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` → `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags. 3. Late flag read at execution time (lines 2273–2277): The scheduler's idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker's flags.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    URL Tags
    https://github.com/PackageKit/PackageKit/security… x_refsource_CONFIRM
    https://github.com/PackageKit/PackageKit/blob/040… x_refsource_MISC
    https://github.com/PackageKit/PackageKit/blob/040… x_refsource_MISC
    https://github.com/PackageKit/PackageKit/blob/040… x_refsource_MISC
    https://github.security.telekom.com/2026/04/pack2… x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2026/04/22/6
    https://access.redhat.com/security/cve/CVE-2026-41651 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460604 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:22146 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19601 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19141 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11635 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17558 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17561 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17560 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18024 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18036 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19454 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18031 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11504 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19354 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    PackageKit PackageKit Affected: >= 1.0.2, <= 1.3.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-22T17:21:17.120Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/22/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41651",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-05T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T03:56:11.620Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-22T13:11:40.174Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in PackageKit. A time-of-check time-of-use (TOCTOU) race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:08:47.199Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-41651"
              },
              {
                "name": "RHBZ#2460604",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460604"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41651.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22146"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19601"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19141"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11635"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17558"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17561"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17560"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18024"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18036"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19454"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18031"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11504"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19354"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:22146: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19601: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19141: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11635: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17558: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17561: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17560: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18024: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18036: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19454: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18031: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11504: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19354: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-22T14:01:28.855Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-22T13:11:40.174Z",
                "value": "Made public."
              }
            ],
            "title": "PackageKit: race condition vulnerability leads to arbitrary package installation as root",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, mask the PackageKit service. Note that graphical package managers, such as GNOME software, will not work as expected until the service is unmasked.\n\n~~~\nsudo systemctl stop packagekit.service\nsudo systemctl mask packagekit.service\n~~~"
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PackageKit",
              "vendor": "PackageKit",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.0.2, \u003c= 1.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.\n\nA local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction-\u003ecached_transaction_flags`  combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`:\n1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction-\u003ecached_transaction_flags` without checking whether the transaction has already been  authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING.\n2. Silent state-transition rejection (lines 873\u2013882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` \u2192 `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags.\n3. Late flag read at execution time (lines 2273\u20132277): The scheduler\u0027s idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker\u0027s flags."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T13:11:40.174Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv"
            },
            {
              "name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277"
            },
            {
              "name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036"
            },
            {
              "name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882"
            },
            {
              "name": "https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html"
            }
          ],
          "source": {
            "advisory": "GHSA-f55j-vvr9-69xv",
            "discovery": "UNKNOWN"
          },
          "title": "PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-41651",
        "datePublished": "2026-04-22T13:11:40.174Z",
        "dateReserved": "2026-04-21T23:58:43.802Z",
        "dateUpdated": "2026-06-30T12:08:47.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-16122 (GCVE-0-2020-16122)

    Vulnerability from nvd – Published: 2020-11-07 04:10 – Updated: 2024-09-16 16:13
    VLAI
    Title
    Packagekit's apt backend lets user install untrusted local packages
    Summary
    PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    PackageKit packagekit Affected: 1.1.13-2ubuntu , < 1.1.13-2ubuntu1.1 (custom)
    Affected: 1.1.9-1ubuntu , < 1.1.9-1ubuntu2.18.04.6 (custom)
    Affected: 0.8.17-4ubuntu , < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 (custom)
    Create a notification for this product.
    Date Public
    2020-06-12 00:00
    Credits
    Sami Niemimäki and Esko Järnfors
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:53.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "packagekit",
              "vendor": "PackageKit",
              "versions": [
                {
                  "lessThan": "1.1.13-2ubuntu1.1",
                  "status": "affected",
                  "version": "1.1.13-2ubuntu",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.1.9-1ubuntu2.18.04.6",
                  "status": "affected",
                  "version": "1.1.9-1ubuntu",
                  "versionType": "custom"
                },
                {
                  "lessThan": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5",
                  "status": "affected",
                  "version": "0.8.17-4ubuntu",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Sami Niemim\u00e4ki and Esko J\u00e4rnfors"
            }
          ],
          "datePublic": "2020-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PackageKit\u0027s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-07T04:10:19.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
            }
          ],
          "source": {
            "advisory": "https://ubuntu.com/security/notices/USN-4538-1",
            "defect": [
              "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Packagekit\u0027s apt backend lets user install untrusted local packages",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2020-06-12T00:00:00.000Z",
              "ID": "CVE-2020-16122",
              "STATE": "PUBLIC",
              "TITLE": "Packagekit\u0027s apt backend lets user install untrusted local packages"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "packagekit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.13-2ubuntu",
                                "version_value": "1.1.13-2ubuntu1.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.9-1ubuntu",
                                "version_value": "1.1.9-1ubuntu2.18.04.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "0.8.17-4ubuntu",
                                "version_value": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PackageKit"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Sami Niemim\u00e4ki and Esko J\u00e4rnfors"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PackageKit\u0027s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098",
                  "refsource": "MISC",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
                }
              ]
            },
            "source": {
              "advisory": "https://ubuntu.com/security/notices/USN-4538-1",
              "defect": [
                "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2020-16122",
        "datePublished": "2020-11-07T04:10:19.889Z",
        "dateReserved": "2020-07-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:13:16.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16121 (GCVE-0-2020-16121)

    Vulnerability from nvd – Published: 2020-11-07 04:10 – Updated: 2024-09-17 04:04
    VLAI
    Title
    PackageKit error messages leak presence and mimetype of files to unprivileged users
    Summary
    PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
    CWE
    • CWE-209 - Information Exposure Through an Error Message
    Assigner
    References
    Impacted products
    Vendor Product Version
    PackageKit PackageKit Affected: 1.1.13-2ubuntu , < 1.1.13-2ubuntu1.1 (custom)
    Affected: 1.1.9-1ubuntu2 , < 1.1.9-1ubuntu2.18.04.6 (custom)
    Affected: 0.8.17-4ubuntu6 , < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 (custom)
    Create a notification for this product.
    Date Public
    2020-09-24 00:00
    Credits
    Vaisha Bernard
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:53.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PackageKit",
              "vendor": "PackageKit",
              "versions": [
                {
                  "lessThan": "1.1.13-2ubuntu1.1",
                  "status": "affected",
                  "version": "1.1.13-2ubuntu",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.1.9-1ubuntu2.18.04.6",
                  "status": "affected",
                  "version": "1.1.9-1ubuntu2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5",
                  "status": "affected",
                  "version": "0.8.17-4ubuntu6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vaisha Bernard"
            }
          ],
          "datePublic": "2020-09-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Information Exposure Through an Error Message",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-07T04:10:19.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
            }
          ],
          "source": {
            "advisory": "https://ubuntu.com/security/notices/USN-4538-1",
            "defect": [
              "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "PackageKit error messages leak presence and mimetype of files to unprivileged users",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2020-09-24T00:00:00.000Z",
              "ID": "CVE-2020-16121",
              "STATE": "PUBLIC",
              "TITLE": "PackageKit error messages leak presence and mimetype of files to unprivileged users"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PackageKit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.13-2ubuntu",
                                "version_value": "1.1.13-2ubuntu1.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.9-1ubuntu2",
                                "version_value": "1.1.9-1ubuntu2.18.04.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "0.8.17-4ubuntu6",
                                "version_value": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PackageKit"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vaisha Bernard"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-209 Information Exposure Through an Error Message"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html",
                  "refsource": "MISC",
                  "url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887",
                  "refsource": "MISC",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
                }
              ]
            },
            "source": {
              "advisory": "https://ubuntu.com/security/notices/USN-4538-1",
              "defect": [
                "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2020-16121",
        "datePublished": "2020-11-07T04:10:19.447Z",
        "dateReserved": "2020-07-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:04:03.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2515 (GCVE-0-2011-2515)

    Vulnerability from nvd – Published: 2019-11-27 20:18 – Updated: 2024-08-06 23:00
    VLAI
    Summary
    PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • installs unsigned RPM packages as though they were signed
    Assigner
    Impacted products
    Vendor Product Version
    packagekit packagekit Affected: 0.6.15
    Affected: 0.6.17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:00:34.249Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2011-2515"
              },
              {
                "name": "48557",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/48557/info"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "packagekit",
              "vendor": "packagekit",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.15"
                },
                {
                  "status": "affected",
                  "version": "0.6.17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "installs unsigned RPM packages as though they were signed",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-27T20:18:50.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2011-2515"
            },
            {
              "name": "48557",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/48557/info"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2515",
        "datePublished": "2019-11-27T20:18:50.000Z",
        "dateReserved": "2011-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:00:34.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-41651 (GCVE-0-2026-41651)

    Vulnerability from cvelistv5 – Published: 2026-04-22 13:11 – Updated: 2026-06-30 12:08
    VLAI
    Title
    PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
    Summary
    PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5. A local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction->cached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`: 1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction->cached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING. 2. Silent state-transition rejection (lines 873–882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` → `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags. 3. Late flag read at execution time (lines 2273–2277): The scheduler's idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker's flags.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    URL Tags
    https://github.com/PackageKit/PackageKit/security… x_refsource_CONFIRM
    https://github.com/PackageKit/PackageKit/blob/040… x_refsource_MISC
    https://github.com/PackageKit/PackageKit/blob/040… x_refsource_MISC
    https://github.com/PackageKit/PackageKit/blob/040… x_refsource_MISC
    https://github.security.telekom.com/2026/04/pack2… x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2026/04/22/6
    https://access.redhat.com/security/cve/CVE-2026-41651 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460604 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:22146 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19601 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19141 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11635 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17558 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17561 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17560 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18024 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18036 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19454 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:18031 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11504 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19354 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    PackageKit PackageKit Affected: >= 1.0.2, <= 1.3.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-22T17:21:17.120Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/22/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41651",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-05T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T03:56:11.620Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-22T13:11:40.174Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in PackageKit. A time-of-check time-of-use (TOCTOU) race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:08:47.199Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-41651"
              },
              {
                "name": "RHBZ#2460604",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460604"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41651.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:22146"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19601"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19141"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11635"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17558"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17561"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17560"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18024"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18036"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19454"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:18031"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11504"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19354"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:22146: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19601: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19141: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11635: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17558: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17561: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17560: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18024: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18036: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19454: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:18031: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11504: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19354: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-22T14:01:28.855Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-22T13:11:40.174Z",
                "value": "Made public."
              }
            ],
            "title": "PackageKit: race condition vulnerability leads to arbitrary package installation as root",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, mask the PackageKit service. Note that graphical package managers, such as GNOME software, will not work as expected until the service is unmasked.\n\n~~~\nsudo systemctl stop packagekit.service\nsudo systemctl mask packagekit.service\n~~~"
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PackageKit",
              "vendor": "PackageKit",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.0.2, \u003c= 1.3.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.\n\nA local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction-\u003ecached_transaction_flags`  combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`:\n1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction-\u003ecached_transaction_flags` without checking whether the transaction has already been  authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING.\n2. Silent state-transition rejection (lines 873\u2013882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` \u2192 `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags.\n3. Late flag read at execution time (lines 2273\u20132277): The scheduler\u0027s idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker\u0027s flags."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T13:11:40.174Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv"
            },
            {
              "name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L2273-L2277"
            },
            {
              "name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L4036"
            },
            {
              "name": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PackageKit/PackageKit/blob/04057883189efa225a7c785591aa87cb299782f8/src/pk-transaction.c#L873-L882"
            },
            {
              "name": "https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html"
            }
          ],
          "source": {
            "advisory": "GHSA-f55j-vvr9-69xv",
            "discovery": "UNKNOWN"
          },
          "title": "PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-41651",
        "datePublished": "2026-04-22T13:11:40.174Z",
        "dateReserved": "2026-04-21T23:58:43.802Z",
        "dateUpdated": "2026-06-30T12:08:47.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-16122 (GCVE-0-2020-16122)

    Vulnerability from cvelistv5 – Published: 2020-11-07 04:10 – Updated: 2024-09-16 16:13
    VLAI
    Title
    Packagekit's apt backend lets user install untrusted local packages
    Summary
    PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    PackageKit packagekit Affected: 1.1.13-2ubuntu , < 1.1.13-2ubuntu1.1 (custom)
    Affected: 1.1.9-1ubuntu , < 1.1.9-1ubuntu2.18.04.6 (custom)
    Affected: 0.8.17-4ubuntu , < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 (custom)
    Create a notification for this product.
    Date Public
    2020-06-12 00:00
    Credits
    Sami Niemimäki and Esko Järnfors
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:53.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "packagekit",
              "vendor": "PackageKit",
              "versions": [
                {
                  "lessThan": "1.1.13-2ubuntu1.1",
                  "status": "affected",
                  "version": "1.1.13-2ubuntu",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.1.9-1ubuntu2.18.04.6",
                  "status": "affected",
                  "version": "1.1.9-1ubuntu",
                  "versionType": "custom"
                },
                {
                  "lessThan": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5",
                  "status": "affected",
                  "version": "0.8.17-4ubuntu",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Sami Niemim\u00e4ki and Esko J\u00e4rnfors"
            }
          ],
          "datePublic": "2020-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PackageKit\u0027s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-07T04:10:19.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
            }
          ],
          "source": {
            "advisory": "https://ubuntu.com/security/notices/USN-4538-1",
            "defect": [
              "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Packagekit\u0027s apt backend lets user install untrusted local packages",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2020-06-12T00:00:00.000Z",
              "ID": "CVE-2020-16122",
              "STATE": "PUBLIC",
              "TITLE": "Packagekit\u0027s apt backend lets user install untrusted local packages"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "packagekit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.13-2ubuntu",
                                "version_value": "1.1.13-2ubuntu1.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.9-1ubuntu",
                                "version_value": "1.1.9-1ubuntu2.18.04.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "0.8.17-4ubuntu",
                                "version_value": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PackageKit"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Sami Niemim\u00e4ki and Esko J\u00e4rnfors"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PackageKit\u0027s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098",
                  "refsource": "MISC",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
                }
              ]
            },
            "source": {
              "advisory": "https://ubuntu.com/security/notices/USN-4538-1",
              "defect": [
                "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2020-16122",
        "datePublished": "2020-11-07T04:10:19.889Z",
        "dateReserved": "2020-07-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:13:16.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16121 (GCVE-0-2020-16121)

    Vulnerability from cvelistv5 – Published: 2020-11-07 04:10 – Updated: 2024-09-17 04:04
    VLAI
    Title
    PackageKit error messages leak presence and mimetype of files to unprivileged users
    Summary
    PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
    CWE
    • CWE-209 - Information Exposure Through an Error Message
    Assigner
    References
    Impacted products
    Vendor Product Version
    PackageKit PackageKit Affected: 1.1.13-2ubuntu , < 1.1.13-2ubuntu1.1 (custom)
    Affected: 1.1.9-1ubuntu2 , < 1.1.9-1ubuntu2.18.04.6 (custom)
    Affected: 0.8.17-4ubuntu6 , < 0.8.17-4ubuntu6~gcc5.4ubuntu1.5 (custom)
    Create a notification for this product.
    Date Public
    2020-09-24 00:00
    Credits
    Vaisha Bernard
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:53.354Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PackageKit",
              "vendor": "PackageKit",
              "versions": [
                {
                  "lessThan": "1.1.13-2ubuntu1.1",
                  "status": "affected",
                  "version": "1.1.13-2ubuntu",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.1.9-1ubuntu2.18.04.6",
                  "status": "affected",
                  "version": "1.1.9-1ubuntu2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5",
                  "status": "affected",
                  "version": "0.8.17-4ubuntu6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vaisha Bernard"
            }
          ],
          "datePublic": "2020-09-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Information Exposure Through an Error Message",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-07T04:10:19.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
            }
          ],
          "source": {
            "advisory": "https://ubuntu.com/security/notices/USN-4538-1",
            "defect": [
              "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "PackageKit error messages leak presence and mimetype of files to unprivileged users",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "DATE_PUBLIC": "2020-09-24T00:00:00.000Z",
              "ID": "CVE-2020-16121",
              "STATE": "PUBLIC",
              "TITLE": "PackageKit error messages leak presence and mimetype of files to unprivileged users"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PackageKit",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.13-2ubuntu",
                                "version_value": "1.1.13-2ubuntu1.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.9-1ubuntu2",
                                "version_value": "1.1.9-1ubuntu2.18.04.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "0.8.17-4ubuntu6",
                                "version_value": "0.8.17-4ubuntu6~gcc5.4ubuntu1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PackageKit"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vaisha Bernard"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-209 Information Exposure Through an Error Message"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html",
                  "refsource": "MISC",
                  "url": "https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887",
                  "refsource": "MISC",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
                }
              ]
            },
            "source": {
              "advisory": "https://ubuntu.com/security/notices/USN-4538-1",
              "defect": [
                "https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2020-16121",
        "datePublished": "2020-11-07T04:10:19.447Z",
        "dateReserved": "2020-07-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:04:03.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2515 (GCVE-0-2011-2515)

    Vulnerability from cvelistv5 – Published: 2019-11-27 20:18 – Updated: 2024-08-06 23:00
    VLAI
    Summary
    PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • installs unsigned RPM packages as though they were signed
    Assigner
    Impacted products
    Vendor Product Version
    packagekit packagekit Affected: 0.6.15
    Affected: 0.6.17
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:00:34.249Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2011-2515"
              },
              {
                "name": "48557",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/48557/info"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "packagekit",
              "vendor": "packagekit",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.6.15"
                },
                {
                  "status": "affected",
                  "version": "0.6.17"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "installs unsigned RPM packages as though they were signed",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-27T20:18:50.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-2515"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2011-2515"
            },
            {
              "name": "48557",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/48557/info"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2515",
        "datePublished": "2019-11-27T20:18:50.000Z",
        "dateReserved": "2011-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:00:34.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }