[meta-oe,scarthgap,10/22] freerdp3: fix CVE-2026-24680 and CVE-2026-27950

Message ID 20260409070919.3968586-10-ankur.tyagi85@gmail.com
State New
Series [meta-oe,scarthgap,1/22] abseil-cpp: ignore CVE-2025-0838

Commit Message

Ankur Tyagi April 9, 2026, 7:09 a.m. UTC
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

There was only an SDL2 client until commit [1] created SDL2 and SDL3 clients
from version 3.6.0 onwards.
[1] https://github.com/FreeRDP/FreeRDP/commit/8281186a6d9dad20e8345d85a1732e2974636555

Details:
https://nvd.nist.gov/vuln/detail/CVE-2026-24680
https://nvd.nist.gov/vuln/detail/CVE-2026-27950

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../CVE-2026-24680_CVE-2026-27950.patch       | 24 +++++++++++++++++++
 .../recipes-support/freerdp/freerdp3_3.4.0.bb |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24680_CVE-2026-27950.patch

Patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24680_CVE-2026-27950.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24680_CVE-2026-27950.patch
new file mode 100644
index 0000000000..85179f74d9
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24680_CVE-2026-27950.patch
@@ -0,0 +1,24 @@ 
+From a2e077bc8dea8a7d1b16b98f31b6f6fbc00c0c24 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Mon, 26 Jan 2026 11:01:17 +0100
+Subject: [PATCH] [client,sdl] reset pointer after memory release
+
+CVE: CVE-2026-24680 CVE-2026-27950
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ client/SDL/sdl_pointer.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/client/SDL/sdl_pointer.cpp b/client/SDL/sdl_pointer.cpp
+index ad8a4f316..a9203a20b 100644
+--- a/client/SDL/sdl_pointer.cpp
++++ b/client/SDL/sdl_pointer.cpp
+@@ -63,6 +63,7 @@ static BOOL sdl_Pointer_New(rdpContext* context, rdpPointer* pointer)
+ 	        &context->gdi->palette))
+ 	{
+ 		winpr_aligned_free(ptr->data);
++		ptr->data = nullptr;
+ 		return FALSE;
+ 	}
+ 
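Review bot: the embedded patch header, below the Upstream-Status line, does not say that this backport was adapted or how the single added line `ptr->data = nullptr;` covers both CVE-2026-24680 and CVE-2026-27950. The only explanation (no separate SDL2/SDL3 clients before 3.6.0) lives in the meta-oe commit message, which is not carried with the .patch file, and the From hash a2e077bc... differs from the referenced upstream commit c42ecbd..., so a reader of the patch alone cannot tell what changed relative to upstream. Suggest adding a short note in the patch header stating that the change was applied to client/SDL/sdl_pointer.cpp for 3.4.0 and that both CVE IDs are resolved by this upstream commit. Only this one failure path in sdl_Pointer_New is visible here, so it is also worth confirming in the 3.4.0 tree that every later use or free of ptr->data tolerates a null pointer.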
diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
index 031cb4a665..08b1fb25e4 100644
--- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
@@ -27,6 +27,7 @@  SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
            file://CVE-2026-24675.patch \
            file://CVE-2026-24676.patch \
            file://CVE-2026-24679.patch \
+           file://CVE-2026-24680_CVE-2026-27950.patch \
            "
 
 S = "${WORKDIR}/git"
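Review bot: the added SRC_URI entry `file://CVE-2026-24680_CVE-2026-27950.patch` is the only one in the visible list named after two CVEs, while its neighbours (CVE-2026-24675.patch, CVE-2026-24676.patch, CVE-2026-24679.patch) use one ID per file. The `CVE:` line inside the patch lists both IDs, so the information is present, but please confirm in the CVE check output for freerdp3 that both CVE-2026-24680 and CVE-2026-27950 are reported as patched and not only one of them.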