Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-10394

Summary
Assigner-fedora
Assigner Org ID-92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5
Published At-14 Nov, 2024 | 19:07
Updated At-23 Dec, 2025 | 15:22
Rejected At-
Credits

Theft of credentials in Unix client PAGs

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:fedora
Assigner Org ID:92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5
Published At:14 Nov, 2024 | 19:07
Updated At:23 Dec, 2025 | 15:22
Rejected At:
▼CVE Numbering Authority (CNA)
Theft of credentials in Unix client PAGs

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.

Affected Products
Vendor
The OpenAFS Foundation
Product
OpenAFS
Collection URL
https://github.com/openafs/openafs/
Package Name
openafs
Default Status
unaffected
Versions
Affected
  • From 1.0 before 1.6.24 (semver)
  • From 1.8.0 before 1.8.12.2 (semver)
  • From 1.9.0 before 1.9.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-305CWE-305
Type: CWE
CWE ID: CWE-305
Description: CWE-305
Metrics
VersionBase scoreBase severityVector
4.08.4HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.openafs.org/pages/security/OPENAFS-SA-2024-001.txt
N/A
https://www.openafs.org/security
N/A
Hyperlink: https://www.openafs.org/pages/security/OPENAFS-SA-2024-001.txt
Resource: N/A
Hyperlink: https://www.openafs.org/security
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/05/msg00019.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/05/msg00019.html
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:patrick@puiterwijk.org
Published At:14 Nov, 2024 | 20:15
Updated At:23 Dec, 2025 | 16:16

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.4HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
openafs
openafs
>>openafs>>Versions from 1.0(inclusive) to 1.6.25(exclusive)
cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*
openafs
openafs
>>openafs>>Versions from 1.8.0(inclusive) to 1.8.13(exclusive)
cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*
openafs
openafs
>>openafs>>1.9.0
cpe:2.3:a:openafs:openafs:1.9.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-305Secondarypatrick@puiterwijk.org
CWE ID: CWE-305
Type: Secondary
Source: patrick@puiterwijk.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.openafs.org/pages/security/OPENAFS-SA-2024-001.txtpatrick@puiterwijk.org
N/A
https://www.openafs.org/securitypatrick@puiterwijk.org
N/A
https://lists.debian.org/debian-lts-announce/2025/05/msg00019.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://www.openafs.org/pages/security/OPENAFS-SA-2024-001.txt
Source: patrick@puiterwijk.org
Resource: N/A
Hyperlink: https://www.openafs.org/security
Source: patrick@puiterwijk.org
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/05/msg00019.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2024-10397
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-7.7||HIGH
EPSS-0.24% / 47.98%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 19:33
Updated-23 Dec, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Preallocated buffer overflows in XDR responses

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.

Action-Not Available
Vendor-openafsThe OpenAFS Foundation
Product-openafsOpenAFS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20015
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7.4||HIGH
EPSS-0.01% / 1.34%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 05:59
Updated-16 Dec, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6873mt6893mt8765mt6763mt6886mt8788mt8791tmt6983mt6765mt6883mt6835mt6739mt6757mt8768mt8789mt6769mt6761mt6875mt6889mt8797mt8321mt6768mt8781mt8766mt8786mt6985mt6833mt6885mt8673mt6753mt6877mt6762mt6781mt6853mt8667mt6895mt8798androidmt6879MT6739, MT6753, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6781, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8321, MT8667, MT8673, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797, MT8798mt8766mt8667mt6769mt8798mt6985mt6877mt8791tmt6875mt8797mt6761mt6833mt6883mt8321mt6885mt6873mt6765mt6893mt6879mt8786mt6895mt6983mt8788mt6781mt6739mt8781mt6762mt6835mt8673mt6853mt6886mt6768mt8765mt6763mt8789mt6889mt8768mt6753mt6757mt6855
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2026-41054
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.21%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 08:56
Updated-05 Jun, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing exit out of permission check in haveged could lead to root exploit

In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.

Action-Not Available
Vendor-SUSE
Product-SUSE Linux Enterprise Server for SAP Applications 15 SP7Image SLES15-SP4-SAP-BYOS-AzureSUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP5SUSE Linux Enterprise Server for SAP Applications 15 SP4SUSE Manager Proxy LTS 4.3Image SLES15-SP4-SAP-BYOS-EC2Image SLES15-SP4-SAP-Hardened-BYOS-AzureImage SLES15-SP4-SAP-Hardened-BYOSImage SLES15-SP4-SAP-BYOSSUSE Linux Enterprise Server for SAP Applications 15 SP6Image SLES15-SP4-SAP-Hardened-BYOS-EC2Image SLES15-SP4-SAP-Hardened-GCESUSE Linux Enterprise Server 15 SP7Container suse/sle-micro-rancher/5.3:latestSUSE Linux Enterprise Micro 5.4SUSE Linux Enterprise Micro 5.3SUSE Linux Enterprise Server 15 SP6-LTSSImage SLES15-SP4-SAP-BYOS-GCEImage SLES15-SP4-SAP-HardenedSUSE Manager Retail Branch Server LTS 4.3SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Server 15 SP5-LTSSSUSE Manager Server LTS 4.3SUSE Linux Enterprise Desktop 15 SP7Container suse/sle-micro-rancher/5.4:latestSUSE Linux Enterprise Module for Basesystem 15 SP7Container suse/sle-micro/5.5:latestImage SLES15-SP4-SAP-Hardened-BYOS-GCESUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2022-39245
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.4||HIGH
EPSS-0.04% / 14.20%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 13:55
Updated-23 Apr, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mist vulnerable to user providing a Sudo binary for authentication checks

Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.

Action-Not Available
Vendor-makedebmakedeb
Product-mistmist
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-23729
Matching Score-4
Assigner-LG Electronics
ShareView Details
Matching Score-4
Assigner-LG Electronics
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.90%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 15:51
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidLG mobile devices
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
Details not found