Bug 2498073 (CVE-2026-56297) - CVE-2026-56297 FreeRDP: FreeRDP: Remote code execution or denial of service via use-after-free race condition
Summary: CVE-2026-56297 FreeRDP: FreeRDP: Remote code execution or denial of service v...
Keywords:
Status: NEW
Alias: CVE-2026-56297
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2498504 2498505 2498506
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-08 15:01 UTC by OSIDB Bzimport
Modified: 2026-07-09 14:09 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-08 15:01:59 UTC
FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by sending DYNVC_DATA and DYNVC_CLOSE messages concurrently, causing heap-use-after-free in the drdynvc client thread and potentially enabling remote code execution or denial of service.


Note You need to log in before you can comment on or make changes to this bug.