CVE-2024-32041
📋 TL;DR
FreeRDP clients using versions before 3.5.0 or 2.11.6 contain an out-of-bounds read vulnerability in the graphics pipeline. This could allow attackers to read sensitive memory contents or potentially crash the client. Anyone using vulnerable FreeRDP-based remote desktop clients is affected.
💻 Affected Systems
- FreeRDP
- Any software using FreeRDP library
📦 What is this software?
Fedora by Fedoraproject
Freerdp by Freerdp
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise of the client machine, though this requires additional vulnerabilities to be chained.
Likely Case
Client application crash (denial of service) or information disclosure through memory read.
If Mitigated
No impact if patched or workaround applied with proper network segmentation.
🎯 Exploit Status
Out-of-bounds read vulnerabilities often lead to crashes but can be leveraged for information disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.5.0 or 2.11.6
Vendor Advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
Restart Required: Yes
Instructions:
1. Update FreeRDP to version 3.5.0 or 2.11.6.
2. For Linux: Use package manager (apt/yum/dnf).
3. For Windows: Download from official releases.
4. Restart any FreeRDP client applications.
🔧 Temporary Workarounds
Disable GFX mode
Disable the vulnerable graphics pipeline by using alternative rendering options
xfreerdp /v:TARGET /bpp:32
xfreerdp /v:TARGET /rfx
🧯 If You Can't Patch
- Disable FreeRDP client usage entirely
- Implement strict network controls to limit RDP connections to trusted servers only
🔍 How to Verify
Check if Vulnerable:
Check FreeRDP version with: xfreerdp --version
Check Version:
xfreerdp --version | head -1
Verify Fix Applied:
Confirm version is 3.5.0 or higher, or 2.11.6 or higher
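The version check above is easy to get wrong by hand (3.10.x is newer than 3.5.0, and the 2.x and 3.x branches have different fix releases). The following script is an added example, not part of the advisory or the FreeRDP project; it assumes `xfreerdp --version` prints a banner of the form "This is FreeRDP version X.Y.Z (...)".

```shell
#!/bin/sh
# Added example: classify a FreeRDP version against the CVE-2024-32041 fix
# releases (2.11.6 for the 2.x branch, 3.5.0 for the 3.x branch).

# Pull "X.Y.Z" out of a banner such as "This is FreeRDP version 2.11.5 (abc123)".
# The banner format is an assumption about `xfreerdp --version` output.
freerdp_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/.*version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 when dotted version $1 is greater than or equal to $2 (numeric,
# component by component, so 3.10.0 >= 3.5.0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print "fixed", "vulnerable" or "unknown" for a bare version string.
cve_2024_32041_status() {
    v="$1"
    major=${v%%.*}
    case "$major" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # 3.x and later must be >= 3.5.0; anything older must be >= 2.11.6.
    if [ "$major" -ge 3 ]; then floor=3.5.0; else floor=2.11.6; fi
    if version_ge "$v" "$floor"; then echo fixed; else echo vulnerable; fi
}

# Query the locally installed client and report its status (exit 1 if vulnerable).
check_installed_client() {
    banner=$(xfreerdp --version 2>/dev/null | head -n 1) || true
    ver=$(freerdp_version_from_banner "$banner")
    status=$(cve_2024_32041_status "$ver")
    echo "FreeRDP ${ver:-?}: $status (CVE-2024-32041)"
    [ "$status" != vulnerable ]
}

# Run the local check only when invoked as: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_installed_client; fi
```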
📡 Detection & Monitoring
Log Indicators:
- FreeRDP client crashes
- Memory access violation errors in application logs
Network Indicators:
- Unusual RDP traffic patterns to FreeRDP clients
- Connection attempts followed by client disconnections
SIEM Query:
source="*freerdp*" AND (event="crash" OR event="segfault" OR event="access_violation")
🔗 References
- https://github.com/FreeRDP/FreeRDP/pull/10077
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
- https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/