CVE-2026-24678
Publication date 9 February 2026
Last updated 16 February 2026
Ubuntu priority
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write. This vulnerability is fixed in 3.22.0.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| freerdp | 25.10 questing | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| freerdp2 | 25.10 questing | Not in release |
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| freerdp3 | 25.10 questing |
Fixed 3.16.0+dfsg-2ubuntu0.1
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy | Not in release |
Notes
References
Related Ubuntu Security Notices (USN)
- USN-8042-1
- FreeRDP vulnerabilities
- 16 February 2026