We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-10026

Improved Seeding and Hashing In gVisor



Description

A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.

Reserved 2024-10-16 | Published 2025-01-30 | Updated 2025-02-24 | Assigner Google


MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-328

CWE-339

Product status

Default status
unaffected

Release 20241028.0
unaffected

Credits

Amit Klein (Hebrew University of Jerusalem) finder

Inon Kaplan (Independent researcher) finder

Ron Even (Independent researcher) finder

References

github.com/...ommit/f956b5ac17ae1f60a4d21999b59ba18c55f86d56

github.com/...ommit/e54bfde79278cafadedbf73c68ee10cb5982f2af

github.com/...ommit/83f75082e5b03fafca9201d9d9939028f712b0b2

www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

cve.org (CVE-2024-10026)

nvd.nist.gov (CVE-2024-10026)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-10026

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.
MonTueWedThuFriSatSun
242526272812345678910111213141516171819202122232425262728293031123456
MonTueWedThuFriSatSun
242526272812345678910111213141516171819202122232425262728293031123456