CVE-2024-10603

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
GoogleCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
googlegvisor
𝑥
< 20231030.0
googlegvisor
20231106.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-gvisor-gvisor
plucky
needs-triage
oracular
ignored
noble
needs-triage
jammy
dne
focal
dne
golang-inet-netstack
plucky
needs-triage
oracular
ignored
noble
needs-triage
jammy
needs-triage
focal
dne
Common Weakness Enumeration
References
https://github.com/google/gvisor/commit/5d2bf2546805afa09a6f6d9b23ec267823e32205
https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2
https://github.com/google/gvisor/commit/cbdb2c61b1f753834cedf2ebe68cbc335dadca52
https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf