FreeBSD SO_REUSEPORT_LB Vulnerability: Connected UDP Sockets in a Load-Balancing Group Receive Packets From Any Host

Vulnerability

FreeBSD's SO_REUSEPORT_LB socket option lets several UDP sockets bind the same address and port so that the kernel distributes incoming datagrams across them (a load-balancing group). A UDP socket that has been connect()ed to a remote host is supposed to receive datagrams only from that host: the kernel is expected to discard anything whose source address and port do not match the connected peer. Because of a kernel bug, a connected UDP socket that is a member of a load-balancing group can instead be handed datagrams from any source. This violates the connection contract that applications rely on and exposes them to spoofing: code that treats "it arrived on my connected socket" as proof of who sent it can be fed datagrams by anyone able to reach the port.

Impact

Any application that places connected UDP sockets in a SO_REUSEPORT_LB group and trusts the connection to identify the sender can receive attacker-supplied datagrams on those sockets, breaking the connection contract and potentially leading to spoofing attacks. Only sockets that are both connected and members of a load-balancing group are affected.

Remediation

Upgrade to a supported FreeBSD stable or release branch dated after the correction date. The FreeBSD Security Advisory gives instructions for applying the fix either as a binary update with the FreeBSD Update utility or by patching the kernel source and rebuilding; in both cases the fix lives in the kernel, so the system must be rebooted before it takes effect. After the reboot, confirm with freebsd-version -r that the running kernel is the patched version rather than the previously installed one. Until the kernel is updated, applications that keep connected UDP sockets in a load-balancing group should not treat "read from a connected socket" as proof of the sender: read with recvfrom() and discard datagrams whose source does not match the connected peer.

Added: Oct 22, 2025, 6:24 PM
Updated: Oct 22, 2025, 9:22 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 0.6
exploitability: 4.7
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.