freerdp: patch CVE-2026-22852

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22852 The related github advisory[1] comes with an analysis of the vulnerability, including pointing to the vulnerable code snippet. Backported the commit that touched the mentioned code part in the fixed version, and is in line with the description of the issue. Ptests passed successfully. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2026-02-23 20:18:38 +0100
committer: Khem Raj <raj.khem@gmail.com> 2026-02-24 22:30:27 -0800
commit: e3fbcd0250d70099a56d30b6a39ebacc4237841e (patch)
tree: 988973b2cf3370366b666a2dbd400a181d867ab2
parent: 3e32683d88483590025c214928fed0c9c0b150db (diff)
download: meta-openembedded-e3fbcd0250d70099a56d30b6a39ebacc4237841e.tar.gz
2 files changed, 28 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch
new file mode 100644
index 0000000000..aa6952fb7d
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch
@@ -0,0 +1,27 @@
+From e3391e8d160f4b1b43d53b4a7d462a3601c45408 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Sat, 10 Jan 2026 08:36:38 +0100
+Subject: [PATCH] free up old audio formats
+CVE: CVE-2026-22852
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/cd1ffa112cfbe1b40a9fd57e299a8ea12e23df0d]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ channels/audin/client/audin_main.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/channels/audin/client/audin_main.c b/channels/audin/client/audin_main.c
+index 23561b153..5ffe09127 100644
+--- a/channels/audin/client/audin_main.c
+++ b/channels/audin/client/audin_main.c
+@@ -219,6 +219,10 @@ static UINT audin_process_formats(AUDIN_PLUGIN* audin, AUDIN_CHANNEL_CALLBACK* c
+        }
+ 
+        Stream_Seek_UINT32(s); /* cbSizeFormatsPacket */
+
+       audio_formats_free(callback->formats, callback->formats_count);
+       callback->formats_count = 0;
+
+        callback->formats = audio_formats_new(NumFormats);
+ 
+        if (!callback->formats)
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
index 3ee4f99c1a..70198a1e21 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
           file://CVE-2024-32661.patch \
           file://CVE-2026-22854.patch \
           file://CVE-2026-22855.patch \
+           file://CVE-2026-22852.patch \
           "
author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-02-23 20:18:38 +0100
committer	Khem Raj <raj.khem@gmail.com>	2026-02-24 22:30:27 -0800
commit	e3fbcd0250d70099a56d30b6a39ebacc4237841e (patch)
tree	988973b2cf3370366b666a2dbd400a181d867ab2
parent	3e32683d88483590025c214928fed0c9c0b150db (diff)
download	meta-openembedded-e3fbcd0250d70099a56d30b6a39ebacc4237841e.tar.gz

diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch new file mode 100644 index 0000000000..aa6952fb7d --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch
@@ -0,0 +1,27 @@
		1	From e3391e8d160f4b1b43d53b4a7d462a3601c45408 Mon Sep 17 00:00:00 2001
		2	From: akallabeth <akallabeth@posteo.net>
		3	Date: Sat, 10 Jan 2026 08:36:38 +0100
		4	Subject: [PATCH] free up old audio formats
		5
		6	CVE: CVE-2026-22852
		7	Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/cd1ffa112cfbe1b40a9fd57e299a8ea12e23df0d]
		8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		9	---
		10	channels/audin/client/audin_main.c \| 4 ++++
		11	1 file changed, 4 insertions(+)
		12
		13	diff --git a/channels/audin/client/audin_main.c b/channels/audin/client/audin_main.c
		14	index 23561b153..5ffe09127 100644
		15	--- a/channels/audin/client/audin_main.c
		16	+++ b/channels/audin/client/audin_main.c
		17	@@ -219,6 +219,10 @@ static UINT audin_process_formats(AUDIN_PLUGIN* audin, AUDIN_CHANNEL_CALLBACK* c
		18	}
		19
		20	Stream_Seek_UINT32(s); /* cbSizeFormatsPacket */
		21	+
		22	+ audio_formats_free(callback->formats, callback->formats_count);
		23	+ callback->formats_count = 0;
		24	+
		25	callback->formats = audio_formats_new(NumFormats);
		26
		27	if (!callback->formats)


diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb index 3ee4f99c1a..70198a1e21 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
26	file://CVE-2024-32661.patch \	26	file://CVE-2024-32661.patch \
27	file://CVE-2026-22854.patch \	27	file://CVE-2026-22854.patch \
28	file://CVE-2026-22855.patch \	28	file://CVE-2026-22855.patch \
		29	file://CVE-2026-22852.patch \
29	"	30	"
30		31
31		32