CVE-2024-10026

Sažetak

A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.

Reference

https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2
https://github.com/google/gvisor/commit/e54bfde79278cafadedbf73c68ee10cb5982f2af
https://github.com/google/gvisor/commit/f956b5ac17ae1f60a4d21999b59ba18c55f86d56
https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

24-02-2025 - 12:15

Objavljeno

30-01-2025 - 20:15