CVE-2026-24684
Publication date 9 February 2026
Last updated 16 February 2026
Ubuntu priority
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| freerdp | 25.10 questing | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| freerdp2 | 25.10 questing | Not in release |
| 24.04 LTS noble |
Fixed 2.11.5+dfsg1-1ubuntu0.1~esm5
|
|
| 22.04 LTS jammy |
Fixed 2.6.1+dfsg1-3ubuntu2.10
|
|
| 20.04 LTS focal |
Fixed 2.6.1+dfsg1-0ubuntu0.20.04.2+esm3
|
|
| 18.04 LTS bionic | Ignored changes too intrusive | |
| freerdp3 | 25.10 questing |
Fixed 3.16.0+dfsg-2ubuntu0.1
|
| 24.04 LTS noble |
Fixed 3.5.1+dfsg1-0ubuntu1.2
|
|
| 22.04 LTS jammy | Not in release |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu Pro 30-day free trialReferences
Related Ubuntu Security Notices (USN)
- USN-8042-1
- FreeRDP vulnerabilities
- 16 February 2026