vulnerability

Debian: CVE-2024-10396: openafs -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:N/A:C)	Nov 14, 2024	Jan 13, 2025	Dec 24, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

Nov 14, 2024

Added

Jan 13, 2025

Modified

Dec 24, 2025

Description

An authenticated user can provide a malformed ACL to the fileserver's StoreACL
RPC, causing the fileserver to crash, possibly expose uninitialized memory, and
possibly store garbage data in the audit log.
Malformed ACLs provided in responses to client FetchACL RPCs can cause client
processes to crash and possibly expose uninitialized memory into other ACLs
stored on the server.

Solution

debian-upgrade-openafs

References

CVE-2024-10396
https://attackerkb.com/topics/CVE-2024-10396
CWE-772
DEBIAN-DSA-5842-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today