CVE-2024-10026 Information

Description

A weak hashing algorithm and small sizes of seeds/secrets in Google’s gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.

Reference

https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2 https://github.com/google/gvisor/commit/e54bfde79278cafadedbf73c68ee10cb5982f2af https://github.com/google/gvisor/commit/f956b5ac17ae1f60a4d21999b59ba18c55f86d56