Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22852
The related github advisory[1] comes with an analysis of the vulnerability, including pointing to the vulnerable code snippet. Backported the commit that touched the mentioned code part in the fixed version, and is in line with the description of the issue. Ptests passed successfully. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../freerdp/freerdp/CVE-2026-22852.patch | 27 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.11.7.bb | 1 + 2 files changed, 28 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch new file mode 100644 index 0000000000..aa6952fb7d --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch @@ -0,0 +1,27 @@ +From e3391e8d160f4b1b43d53b4a7d462a3601c45408 Mon Sep 17 00:00:00 2001 +From: akallabeth <[email protected]> +Date: Sat, 10 Jan 2026 08:36:38 +0100 +Subject: [PATCH] free up old audio formats + +CVE: CVE-2026-22852 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/cd1ffa112cfbe1b40a9fd57e299a8ea12e23df0d] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + channels/audin/client/audin_main.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/channels/audin/client/audin_main.c b/channels/audin/client/audin_main.c +index 23561b153..5ffe09127 100644 +--- a/channels/audin/client/audin_main.c ++++ b/channels/audin/client/audin_main.c +@@ -219,6 +219,10 @@ static UINT audin_process_formats(AUDIN_PLUGIN* audin, AUDIN_CHANNEL_CALLBACK* c + } + + Stream_Seek_UINT32(s); /* cbSizeFormatsPacket */ ++ ++ audio_formats_free(callback->formats, callback->formats_count); ++ callback->formats_count = 0; ++ + callback->formats = audio_formats_new(NumFormats); + + if (!callback->formats) diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb index 3ee4f99c1a..70198a1e21 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb @@ -26,6 +26,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2024-32661.patch \ file://CVE-2026-22854.patch \ file://CVE-2026-22855.patch \ + file://CVE-2026-22852.patch \ "
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124555): https://lists.openembedded.org/g/openembedded-devel/message/124555 Mute This Topic: https://lists.openembedded.org/mt/117963226/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
