CVE-2024-10603

EUVD-2024-32898
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
googlegvisor
𝑥
< 20231030.0
googlegvisor
20231106.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-gvisor-gvisor
focal
dne
jammy
dne
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
golang-inet-netstack
focal
dne
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
Common Weakness Enumeration
References
https://github.com/google/gvisor/commit/5d2bf2546805afa09a6f6d9b23ec267823e32205
https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2
https://github.com/google/gvisor/commit/cbdb2c61b1f753834cedf2ebe68cbc335dadca52
https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf