CVE-2024-10394 Information

Description

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients allowing the user to create a PAG using an existing id number effectively joining the PAG and letting the user steal the credentials in that PAG.

Reference

https://openafs.org/pages/security/OPENAFS-SA-2024-001.txt