CVE-2024-10934

Name of the Vulnerable Software and Affected Versions: OpenBSD versions 7.4 through 7.5 before errata 008 and 021

Description: The issue is related to a possible mbuf double free in the NFS client and server implementation, as well as the use of an uninitialized variable in error handling of the NFS server. This could allow a remote attacker to impact the confidentiality, integrity, and availability of the system.

Recommendations: For OpenBSD versions 7.4 and 7.5, apply the respective errata updates, specifically errata 021 for version 7.4 and errata 008 for version 7.5, to fix the mbuf double free and uninitialized variable issues in the NFS client and server implementations. As a temporary workaround, consider restricting access to the NFS client and server until the updates are applied.