ClickCease Several FreeRDP Vulnerabilities Addressed in Ubuntu

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Several FreeRDP Vulnerabilities Addressed in Ubuntu

Rohan Timalsina

May 9, 2024 - TuxCare expert team

The Ubuntu security team has recently taken action to address several security vulnerabilities found in FreeRDP, a Remote Desktop Protocol (RDP) client widely used for Windows Terminal Services. These vulnerabilities, if exploited, could lead to severe consequences, including denial of service attacks or even the execution of arbitrary code.

Here’s a breakdown of the vulnerabilities that have been fixed in the recent Ubuntu security updates:


CVE-2024-22211 (CVSS v3 Score: 9.8 Critical)

This vulnerability involves the incorrect handling of certain context resets. If a user gets connected to a malicious server, an attacker could exploit this flaw to crash FreeRDP, leading to a denial of service scenario or the execution of arbitrary code. A user may not connect to a malicious server intentionally, but an attacker can trick users using various tactics, such as phishing emails, fake websites, malvertising, etc.


CVE-2024-32039, CVE-2024-32040

These vulnerabilities are related to FreeRDP’s incorrect handling of memory operations. Similarly, if a user connected to a malicious server, it could result in FreeRDP crashing, potentially allowing attackers to cause denial of service or execute arbitrary code. CVE-2024-32039 is an integer overflow and out-of-bounds write vulnerability in FreeRDP before 3.5.0 or 2.11.6. CVE-2024-32040 is an integer overflow vulnerability in FreeRDP before 3.5.0 or 2.11.6.


CVE-2024-32041, CVE-2024-32458, CVE-2024-32460

FreeRDP incorrectly handled certain memory operations, leading to these out-of-bounds read vulnerabilities. These flaws, if exploited through connections to malicious servers, could lead to FreeRDP crashing and subsequently causing denial of service scenarios.



Another out-of-bounds read was found in FreeRDP, posing a risk of crashing both clients and servers, thus leading to denial of service situations when exploited by remote attackers.

Additionally, a series of vulnerabilities, CVE-2024-32658, CVE-2024-32659, CVE-2024-32660, and CVE-2024-32661, have also been addressed later in Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and recently released Ubuntu 24.04.


Mitigation Measures


To mitigate these critical security risks, it is imperative for Ubuntu users to promptly update their FreeRDP packages to the latest version. By doing so, users can safeguard their systems against potential exploitation of these FreeRDP vulnerabilities.

For securing end-of-life Ubuntu systems (Ubuntu 16.04 and Ubuntu 18.04), users can utilize TuxCare’s Extended Lifecycle Support which offers vulnerability patching for five years after the EOL date. This ensures your system remains protected from known vulnerabilities while you can plan your migration carefully.


Source: USN-6749-1

Several FreeRDP Vulnerabilities Addressed in Ubuntu
Article Name
Several FreeRDP Vulnerabilities Addressed in Ubuntu
Stay protected from FreeRDP vulnerabilities in Ubuntu systems. Learn about recent fixes and how to mitigate potential security risks.
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter