Gvisor Security Vulnerabilities and Issues — Gvisor CVE List

GoogleGvisor

7 matches found

CVE•added 2024/05/15 4:29 p.m.•101 views

CVE-2023-7258

CVE-2023-7258 describes a denial-of-service issue in the Gvisor Sandbox. A bug in the reference counting for mount point tracking could cause a panic, enabling a root user with mount-permission to terminate the sandbox. Affected component is the Gvisor Sandbox’s mount-tracking logic; root-privile...

6.5CVSS6.8AI score0.00165EPSS

CVE•added 2025/03/28 3:27 p.m.•74 views

CVE-2025-2713

CVE-2025-2713 : Google gVisor's runsc component has a local privilege escalation vulnerability caused by incorrect handling of file access permissions. The issue arises because the process initially runs with root-like permissions until the first fork, allowing unprivileged users to access restri...

7.8CVSS7.1AI score0.00074EPSS

CVE•added 2025/01/30 7:14 p.m.•54 views

CVE-2024-10603

CVE-2024-10603 concerns weaknesses in the generation of TCP/UDP source ports and some other header values in Google’s gVisor that could allow an external attacker to predict them in certain circumstances. The connected Nessus, OSV, NVD, and vendor advisories consistently reference gVisor-related ...

6.3CVSS6.4AI score0.00257EPSS

CVE•added 2018/09/02 10:0 p.m.•50 views

CVE-2018-16359

Google gVisor prior to 2018-08-23 allows access to the renameat system call inside the seccomp sandbox, enabling attackers to rename files on the host OS. The issue is described consistently across multiple sources (NVD and CNVD variants). Affected component/function: gVisor’s seccomp sandbox. Ro...

7.1CVSS6.5AI score0.00452EPSS

CVE•added 2018/12/17 5:0 a.m.•47 views

CVE-2018-20168

CVE-2018-20168 affects Google gVisor prior to 2018-08-22. The vulnerability arises when a pagetable is reused across different levels while the paging-structure cache remains intact, enabling a crafted application to trigger a denial of service via a “physical address not valid” panic. The availa...

5.5CVSS5.3AI score0.00279EPSS

CVE•added 2025/01/30 7:12 p.m.•47 views

CVE-2024-10026

The CVE-2024-10026 issue concerns Google's gVisor: a weak hashing algorithm and small seed/secret sizes. The connected documents confirm this affects gVisor in multiple advisories (e.g., TencentOS Server 4, OSV/Ubuntu entries) and describe that a remote attacker could calculate a local IP address...

6.3CVSS6.5AI score0.00216EPSS

CVE•added 2018/11/17 5:0 p.m.•46 views

CVE-2018-19333

CVE-2018-19333 affects Google gVisor (pkg/sentry/kernel/shm/shm.go) prior to 2018-11-01. The issue arises from mishandled reference counting, allowing attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via IPC_RMID shmctl-related vectors. This is a m...

9.8CVSS9.1AI score0.00786EPSS