Bug 2367717 (CVE-2025-5024)
| Summary: | CVE-2025-5024 gnome-remote-desktop: Uncontrolled Resource Consumption due to Malformed RDP PDUs | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | carnil, jadahl, mcatanza, prodsec-dev, security-response-team, sourabhtk37, tcullum |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2367727 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-05-21 03:21:35 UTC
Do you have more inforamtion on this issue? Any insights? The reference is quite vague at this point in time. All I have is the stack trace, but I think we should give that to FreeRDP developers and allow them to decide how to disclose it, rather than dumping it here. Sorry, I confused this with bug #2365232. This issue is different and I don't know anything yet. It has not been reported to GNOME Security. This bug is only two days old, though. I guess we'll have more information soon. We are still missing an upstream bug report with details about this bug. I know we have the info within Red Hat, but if we can't get the info into an upstream bug report, then I'll need to dispute the CVE. Hi, Jonas, do you have enough info to create an upstream bug report for this? Or do we need Product Security to help with this? (In reply to Michael Catanzaro from comment #6) > We are still missing an upstream bug report with details about this bug. I > know we have the info within Red Hat, but if we can't get the info into an > upstream bug report, then I'll need to dispute the CVE. > > Hi, Jonas, do you have enough info to create an upstream bug report for > this? Or do we need Product Security to help with this? Since the CVE was published, I went and did a merge request directly, without dealing with any security related procedures. See https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/merge_requests/321. Hi Jonas, e c I'm trying to understand more about this issue. Is there any way to test or reproduce this issue? That would be really helpful to test. Thanks This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:10631 https://access.redhat.com/errata/RHSA-2025:10631 (In reply to T K Sourab from comment #8) > Hi Jonas, e c > > I'm trying to understand more about this issue. Is there any way to test or > reproduce this issue? That would be really helpful to test. > > Thanks I don't have a public reproducer to share, but using a RDP fuzzer that tries to connect many times per second throwing garbage at the RDP socket could cause sporadic problems with file descriptor leaks, that eventually hit the open file descriptor limit causing the server to abort. This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:10635 https://access.redhat.com/errata/RHSA-2025:10635 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:10742 https://access.redhat.com/errata/RHSA-2025:10742 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:11404 https://access.redhat.com/errata/RHSA-2025:11404 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:11403 https://access.redhat.com/errata/RHSA-2025:11403 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2025:11407 https://access.redhat.com/errata/RHSA-2025:11407 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:11405 https://access.redhat.com/errata/RHSA-2025:11405 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:11406 https://access.redhat.com/errata/RHSA-2025:11406 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:11408 https://access.redhat.com/errata/RHSA-2025:11408 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2025:11418 https://access.redhat.com/errata/RHSA-2025:11418 |