CVE-2024-10026

Improved Seeding and Hashing In gVisor

Description

A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.

INFO

Published Date :

2025-01-30T19:12:27.994Z

Last Modified :

2025-02-24T11:50:42.192Z

Source :

Google

AFFECTED PRODUCTS

The following products are affected by CVE-2024-10026 vulnerability.

Vendors	Products
Google	Gvisor

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-10026.

URL	Resource
https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2
https://github.com/google/gvisor/commit/e54bfde79278cafadedbf73c68ee10cb5982f2af
https://github.com/google/gvisor/commit/f956b5ac17ae1f60a4d21999b59ba18c55f86d56
https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact