UBUNTU-CVE-2024-10026

Source
https://ubuntu.com/security/CVE-2024-10026
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-10026.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-10026
Related
Published
2025-01-30T20:15:00Z
Modified
2025-02-06T16:36:59Z
Summary
[none]
Details

A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.

References

Affected packages

Ubuntu:22.04:LTS / golang-inet-netstack

Package

Name
golang-inet-netstack
Purl
pkg:deb/ubuntu/golang-inet-netstack@0.0~git20211120.8aa80cf2-5?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20211120.8aa80cf2-1
0.0~git20211120.8aa80cf2-2
0.0~git20211120.8aa80cf2-5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / golang-gvisor-gvisor

Package

Name
golang-gvisor-gvisor
Purl
pkg:deb/ubuntu/golang-gvisor-gvisor@0.0~20240729.0-4?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~20230807.0-4build1
0.0~20230807.0-5
0.0~20240729.0-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / golang-inet-netstack

Package

Name
golang-inet-netstack
Purl
pkg:deb/ubuntu/golang-inet-netstack@0.0~git20211120.8aa80cf2-6?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20211120.8aa80cf2-6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / golang-gvisor-gvisor

Package

Name
golang-gvisor-gvisor
Purl
pkg:deb/ubuntu/golang-gvisor-gvisor@0.0~20230807.0-4ubuntu0.24.04.2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~20230807.0-4build1
0.0~20230807.0-4ubuntu0.24.04.1
0.0~20230807.0-4ubuntu0.24.04.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / golang-inet-netstack

Package

Name
golang-inet-netstack
Purl
pkg:deb/ubuntu/golang-inet-netstack@0.0~git20211120.8aa80cf2-6?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20211120.8aa80cf2-6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}