Bug 2367717 (CVE-2025-5024) - CVE-2025-5024 gnome-remote-desktop: Uncontrolled Resource Consumption due to Malformed RDP PDUs [NEEDINFO]
Summary: CVE-2025-5024 gnome-remote-desktop: Uncontrolled Resource Consumption due to ...
Keywords:
Status: NEW
Alias: CVE-2025-5024
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2367727
Blocks:
Reported: 2025-05-21 03:21 UTC by OSIDB Bzimport
Modified: 2025-05-22 19:43 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:
carnil: needinfo? (prodsec-dev)


Description OSIDB Bzimport 2025-05-21 03:21:35 UTC
Once gnome-remote-desktop is listening for RDP connections, an unauthenticated attacker can exhaust system resources and crash the process repeatedly. In fact, there is some sort of resource leak that, after many attacks, will result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.

Comment 3 Salvatore Bonaccorso 2025-05-22 19:15:58 UTC
Do you have more information on this issue? Any insights? The reference is quite vague at this point in time.

Comment 4 Michael Catanzaro 2025-05-22 19:36:59 UTC Comment hidden (obsolete)
Comment 5 Michael Catanzaro 2025-05-22 19:43:33 UTC
Sorry, I confused this with bug #2365232. This issue is different and I don't know anything yet. It has not been reported to GNOME Security.

This bug is only two days old, though. I guess we'll have more information soon.

