CVE-2024-10603

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
GoogleCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-gvisor-gvisor
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
dne
focal
dne
golang-inet-netstack
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
needs-triage
focal
dne
Common Weakness Enumeration
References
https://github.com/google/gvisor/commit/5d2bf2546805afa09a6f6d9b23ec267823e32205
https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2
https://github.com/google/gvisor/commit/cbdb2c61b1f753834cedf2ebe68cbc335dadca52
https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf