How severe is CVE-2024-10603?

CVE-2024-10603 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2024-10603

Name: gvisor
Author: google

5.3MEDIUM

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.

Published: 1/30/2025Updated: 7/29/2025

Description

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.

AI AnalysisPowered by AI

Affected Products

googlegvisor

20231106.0

References

https://github.com/google/gvisor/commit/5d2bf2546805afa09a6f6d9b23ec267823e32205
Patch
https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2
Patch
https://github.com/google/gvisor/commit/cbdb2c61b1f753834cedf2ebe68cbc335dadca52
Patch
https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf
ExploitMitigationTechnical DescriptionThird Party Advisory