2367717 – (CVE-2025-5024) CVE-2025-5024 gnome-remote-desktop: Uncontrolled Resource Consumption due to Malformed RDP PDUs

Bug 2367717 (CVE-2025-5024) - CVE-2025-5024 gnome-remote-desktop: Uncontrolled Resource Consumption due to Malformed RDP PDUs

Summary: CVE-2025-5024 gnome-remote-desktop: Uncontrolled Resource Consumption due to ...

Keywords:
Status:	NEW
Alias:	CVE-2025-5024
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2367727
Blocks:
TreeView+	depends on / blocked

Reported:	2025-05-21 03:21 UTC by OSIDB Bzimport
Modified:	2025-07-21 06:52 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
GNOME Gitlab	GNOME gnome-remote-desktop merge_requests 321	None	opened	(CVE-2025-5024) Add connection throttling	2025-06-12 22:12:22 UTC
Red Hat Product Errata	RHSA-2025:10631	None	None	None	2025-07-08 13:25:00 UTC
Red Hat Product Errata	RHSA-2025:10635	None	None	None	2025-07-08 13:34:42 UTC
Red Hat Product Errata	RHSA-2025:10742	None	None	None	2025-07-09 19:14:41 UTC
Red Hat Product Errata	RHSA-2025:11403	None	None	None	2025-07-21 01:27:15 UTC
Red Hat Product Errata	RHSA-2025:11404	None	None	None	2025-07-21 01:18:42 UTC
Red Hat Product Errata	RHSA-2025:11405	None	None	None	2025-07-21 01:38:10 UTC
Red Hat Product Errata	RHSA-2025:11406	None	None	None	2025-07-21 01:47:52 UTC
Red Hat Product Errata	RHSA-2025:11407	None	None	None	2025-07-21 01:28:58 UTC
Red Hat Product Errata	RHSA-2025:11408	None	None	None	2025-07-21 01:48:36 UTC
Red Hat Product Errata	RHSA-2025:11418	None	None	None	2025-07-21 06:52:43 UTC

Description OSIDB Bzimport 2025-05-21 03:21:35 UTC

Once gnome-remote-desktop is listening for RDP connections, an unauthenticated attacker can exhaust system resources and crash the process repeatedly. In fact, there is some sort of resource leak that after many attacks, will result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.

Comment 3 Salvatore Bonaccorso 2025-05-22 19:15:58 UTC

Do you have more inforamtion on this issue? Any insights? The reference is quite vague at this point in time.

Comment 4 Michael Catanzaro 2025-05-22 19:36:59 UTC Comment hidden (obsolete)

All I have is the stack trace, but I think we should give that to FreeRDP developers and allow them to decide how to disclose it, rather than dumping it here.

Comment 5 Michael Catanzaro 2025-05-22 19:43:33 UTC

Sorry, I confused this with bug #2365232. This issue is different and I don't know anything yet. It has not been reported to GNOME Security.

This bug is only two days old, though. I guess we'll have more information soon.

Comment 6 Michael Catanzaro 2025-06-12 21:20:02 UTC

We are still missing an upstream bug report with details about this bug. I know we have the info within Red Hat, but if we can't get the info into an upstream bug report, then I'll need to dispute the CVE.

Hi, Jonas, do you have enough info to create an upstream bug report for this? Or do we need Product Security to help with this?

Comment 7 Jonas Ådahl 2025-06-12 21:25:45 UTC

(In reply to Michael Catanzaro from comment #6)
> We are still missing an upstream bug report with details about this bug. I
> know we have the info within Red Hat, but if we can't get the info into an
> upstream bug report, then I'll need to dispute the CVE.
> 
> Hi, Jonas, do you have enough info to create an upstream bug report for
> this? Or do we need Product Security to help with this?

Since the CVE was published, I went and did a merge request directly, without dealing with any security related procedures. See https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/merge_requests/321.

Comment 8 T K Sourab 2025-07-01 14:53:52 UTC

Hi Jonas, e c

I'm trying to understand more about this issue. Is there any way to test or reproduce this issue? That would be really helpful to test. 

Thanks

Comment 9 errata-xmlrpc 2025-07-08 13:24:59 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:10631 https://access.redhat.com/errata/RHSA-2025:10631

Comment 10 Jonas Ådahl 2025-07-08 13:34:32 UTC

(In reply to T K Sourab from comment #8)
> Hi Jonas, e c
> 
> I'm trying to understand more about this issue. Is there any way to test or
> reproduce this issue? That would be really helpful to test. 
> 
> Thanks

I don't have a public reproducer to share, but using a RDP fuzzer that tries to connect many times per second throwing garbage at the RDP socket could cause sporadic problems with file descriptor leaks, that eventually hit the open file descriptor limit causing the server to abort.

Comment 11 errata-xmlrpc 2025-07-08 13:34:41 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:10635 https://access.redhat.com/errata/RHSA-2025:10635

Comment 12 errata-xmlrpc 2025-07-09 19:14:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:10742 https://access.redhat.com/errata/RHSA-2025:10742

Comment 13 errata-xmlrpc 2025-07-21 01:18:41 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:11404 https://access.redhat.com/errata/RHSA-2025:11404

Comment 14 errata-xmlrpc 2025-07-21 01:27:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:11403 https://access.redhat.com/errata/RHSA-2025:11403

Comment 15 errata-xmlrpc 2025-07-21 01:28:57 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:11407 https://access.redhat.com/errata/RHSA-2025:11407

Comment 16 errata-xmlrpc 2025-07-21 01:38:08 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:11405 https://access.redhat.com/errata/RHSA-2025:11405

Comment 17 errata-xmlrpc 2025-07-21 01:47:50 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:11406 https://access.redhat.com/errata/RHSA-2025:11406

Comment 18 errata-xmlrpc 2025-07-21 01:48:35 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:11408 https://access.redhat.com/errata/RHSA-2025:11408

Comment 19 errata-xmlrpc 2025-07-21 06:52:41 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:11418 https://access.redhat.com/errata/RHSA-2025:11418

Note You need to log in before you can comment on or make changes to this bug.