diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24675.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24675.patch new file mode 100644 index 0000000000..022c7f2e3e --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24675.patch @@ -0,0 +1,32 @@ +From be9e04d4060bd826eeb94dc0689d261391f74722 Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Mon, 26 Jan 2026 11:54:56 +0100 +Subject: [PATCH] [channels,urbdrc] do not free MsConfig on failure + +let the channel handle it later. + +(cherry picked from commit d676518809c319eec15911c705c13536036af2ae) + +CVE: CVE-2026-24675 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/d676518809c319eec15911c705c13536036af2ae] +Signed-off-by: Ankur Tyagi +--- + channels/urbdrc/client/data_transfer.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/channels/urbdrc/client/data_transfer.c b/channels/urbdrc/client/data_transfer.c +index 7a7e5a2b4..074a8c05b 100644 +--- a/channels/urbdrc/client/data_transfer.c ++++ b/channels/urbdrc/client/data_transfer.c +@@ -581,10 +581,8 @@ static UINT urb_select_interface(IUDEVICE* pdev, GENERIC_CHANNEL_CALLBACK* callb + MsConfig = pdev->get_MsConfig(pdev); + InterfaceNumber = MsInterface->InterfaceNumber; + if (!msusb_msinterface_replace(MsConfig, InterfaceNumber, MsInterface)) +- { +- msusb_msconfig_free(MsConfig); + return ERROR_BAD_CONFIGURATION; +- } ++ + /* complete configuration setup */ + if (!pdev->complete_msconfig_setup(pdev, MsConfig)) + { diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index e66a4ed4da..c83d82b357 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb @@ -24,6 +24,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ file://CVE-2026-33952.patch \ file://CVE-2026-23948.patch \ file://CVE-2026-24491.patch \ + file://CVE-2026-24675.patch \ " S = "${WORKDIR}/git"