CVE-2025-24934

Name of the Vulnerable Software and Affected Versions versions prior to kernel release containing the fix (affected versions not specified)

Description A flaw exists where the kernel does not properly validate the connection state of sockets when adding them to load-balancing groups created using the SO REUSEPORT LB socket option. This allows connected sockets to receive packets from any source address, violating the expected behavior that connected sockets should only receive packets from the host they are connected to. This behavior can lead to potential spoofing attacks. The SO REUSEPORT LB option, set via setsockopt(2), enables multiple TCP or UDP sockets to bind to the same socket address, forming a load-balancing group to improve scalability. The issue arises because the kernel incorrectly matches sockets in a load-balancing group, even if they are already connected, when determining the destination socket for incoming packets.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.