{"id":"CVE-2024-10026","summary":"Improved Seeding and Hashing In gVisor","details":"A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.","modified":"2026-05-18T05:57:13.344151207Z","published":"2025-01-30T19:12:27.994Z","database_specific":{"cwe_ids":["CWE-328","CWE-339"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/10xxx/CVE-2024-10026.json","cna_assigner":"Google"},"references":[{"type":"WEB","url":"https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/10xxx/CVE-2024-10026.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10026"},{"type":"FIX","url":"https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2"},{"type":"FIX","url":"https://github.com/google/gvisor/commit/e54bfde79278cafadedbf73c68ee10cb5982f2af"},{"type":"FIX","url":"https://github.com/google/gvisor/commit/f956b5ac17ae1f60a4d21999b59ba18c55f86d56"},{"type":"PACKAGE","url":"https://github.com/google/gvisor"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/google/gvisor","events":[{"introduced":"0"},{"fixed":"bdc50df4596ae948685e26012094df3fd214dbfa"},{"introduced":"42b69d0151b778b53cd23ec7dcca963903857294"},{"fixed":"126ee58746d10ae5064e51dec96cf580b8116875"},{"fixed":"83f75082e5b03fafca9201d9d9939028f712b0b2"},{"fixed":"e54bfde79278cafadedbf73c68ee10cb5982f2af"},{"fixed":"f956b5ac17ae1f60a4d21999b59ba18c55f86d56"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:google:gvisor:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"20231030.0"},{"introduced":"20231106.0"},{"fixed":"20231204.0"}]}}],"versions":["release-20231120.0","release-20231113.0","release-20231106.0","release-20231023.0","release-20231016.0","release-20231009.0","release-20231003.0","release-20230925.0","release-20230920.0","release-20230911.0","release-20230904.0","release-20230823.0","release-20230814.0","release-20230724.0","release-20230807.0","release-20230801.0","release-20230731.0","release-20230522.0","release-20230717.0","release-20230710.0","release-20230627.0","release-20230621.0","release-20230605.0","release-20230529.0","release-20230517.0","release-20230508.0","release-20230501.0","release-20230417.0","release-20230327.0","release-20230320.0","release-20230313.0","release-20230306.0","release-20230227.0","release-20230214.0","release-20230130.0","release-20230123.0","release-20230118.0","release-20230109.0","release-20230102.0","release-20221219.0","release-20221205.0","release-20221212.0","release-20221128.0","release-20221122.0","release-20221107.0","release-20221102.1","release-20221026.0","release-20221017.0","release-20221010.0","release-20221003.0","release-20220926.0","release-20220919.0","release-20220913.0","release-20220905.0","release-20220822.0","release-20220815.0","release-20220808.0","release-20220801.0","release-20220718.0","release-20220713.0","release-20220704.0","release-20220627.0","release-20220621.0","release-20220606.0","release-20220516.0","release-20220510.0","release-20220502.1","release-20220425.0","release-20220418.0","release-20220411.0","release-20220405.0","release-20220328.0","release-20220321.0","release-20220314.0","release-20220309.0","release-20220228.0","release-20220222.0","release-20220221.0","release-20220214.0","release-20220208.0","release-20220131.0","release-20220117.0","release-20220124.0","release-20220103.0","release-20211129.0","release-20211122.0","release-20211115.0","release-20211108.0","release-20211101.0","release-20211026.0","release-20211019.0","release-20211011.0","release-20211005.0","release-20210927.0","release-20210921.0","release-20210906.0","release-20210830.0","release-20210823.0","release-20210816.0","release-20210806.0","release-20210726.0","release-20210720.0","release-20210712.0","release-20210705.0","release-20210518.0","release-20210628.0","release-20210622.0","release-20210614.0","release-20210607.0","release-20210601.0","release-20210510.0","release-20210503.0","release-20210419.0","release-20210412.0","release-20210408.0","release-20210322.0","release-20210315.0","release-20210309.0","release-20210301.0","release-20210208.0","release-20210201.0","release-20210125.0","release-20210121.1","release-20210112.0","release-20201216.0","release-20201208.0","release-20201130.0","release-20201117.0","release-20201109.0","release-20201030.0","release-20201027.0","release-20200818.0","release-20201019.0","release-20201012.0","release-20201005.0","release-20200928.0","release-20200921.0","release-20200914.0","release-20200907.0","release-20200522.0","release-20200810.0","release-20200804.0","release-20200622.1","release-20200518.0","release-20200608.0","release-20200601.0","release-20200511.0","release-20200422.0","release-20200413.0","release-20200211.0","release-20200323.0","release-20200219.0","release-20200127.0","release-20200115.0","release-20191213.0","release-20191210.0","release-20191129.0","release-20191114.0","release-20191104.0","release-20190806.1","release-20190722.1","release-20190529.1","release-20190304.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10026.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"}]}