First published: Tue Mar 15 2022(Updated: )
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Packagekit Project Packagekit | ||
Redhat Enterprise Linux | =9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-0987 is about a flaw in PackageKit that allows a local user to determine the existence of files owned by root or other users.
CVE-2022-0987 has a severity rate of 3.3, which is considered low.
CVE-2022-0987 affects PackageKit and Redhat Enterprise Linux version 9.0.