CVE-2024-10026

Summary

A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.

Affected Software

VendorProductVersion RangeStatus
GooglegVisorRelease 20241028.0unaffected

Weaknesses

  • CWE-328: CWE-328
  • CWE-339: CWE-339

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References