Weakness in TCP/UDP Source Port Generation in Google's gVisor
CVE-2024-10603

6.3MEDIUM

Key Information:

Vendor: Google
Status: Gvisor
Vendor: CVE Published:; 30 January 2025

Summary

Google's gVisor has a vulnerability related to the generation of TCP and UDP source ports, where these values can be predicted by an external attacker under certain conditions. This weakness could enable attackers to exploit the affected systems, raising concerns about the security posture of applications utilizing gVisor for container isolation. Addressing this flaw is essential to ensuring the integrity and confidentiality of network communications.

Affected Version(s)

gVisor release-20241028.0

References

https://github.com/google/gvisor/commit/83f75082e5b03fafc...

https://github.com/google/gvisor/commit/cbdb2c61b1f753834...

https://github.com/google/gvisor/commit/5d2bf2546805afa09...

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Oct 31, 2024