ALAS2023-2026-1433


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1433
Advisory Released Date: 2026-02-18
Advisory Updated Date: 2026-02-18
Severity: Medium

Issue Overview:

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1. (CVE-2026-22851)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1. (CVE-2026-22852)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1. (CVE-2026-22854)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1. (CVE-2026-22855)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use-after-free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1. (CVE-2026-22856)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a global buffer overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1. (CVE-2026-22858)
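The char-signedness hazard described for CVE-2026-22858 is a general C pitfall, so here is an added, self-contained illustration of the hardened pattern. This is example code written for this advisory page, not FreeRDP's own decoder; the names b64_rev_lookup and b64_decode are hypothetical. The point it shows: a guard written as `c <= 0` on a plain char rejects bytes 0x80-0xFF only on targets where char is signed; widening to unsigned char and testing the numeric range explicitly makes the table index safe on every ABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* 128-entry reverse table (constructed for this example). Any index >= 128
 * reads past the end of it, which is exactly the out-of-bounds access the
 * advisory describes. -1 marks bytes outside the Base64 alphabet. */
static int8_t b64_rev[128];

static void build_table(void)
{
    static int built = 0;
    if (built)
        return;
    memset(b64_rev, -1, sizeof b64_rev);
    const char *alpha =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    for (int i = 0; i < 64; i++)
        b64_rev[(unsigned char)alpha[i]] = (int8_t)i;
    built = 1;
}

/* The flawed guard shape, shown only as a comment:
 *
 *     static int lookup(char c) { if (c <= 0) return -1; return b64_rev[c]; }
 *
 * With a signed char (x86) bytes 0x80..0xFF are negative and rejected.
 * With an unsigned char (the AArch64 ABI) the same test is just `c != 0`,
 * so 0x80..0xFF pass and index b64_rev out of bounds.
 *
 * Hardened lookup: take an unsigned char and compare against the table size
 * explicitly, so the check no longer depends on char signedness. */
static int b64_rev_lookup(unsigned char c)
{
    build_table();
    if (c >= 0x80) /* non-ASCII byte: never a valid index */
        return -1;
    return b64_rev[c];
}

/* Decode Base64 text into out. Returns the number of bytes written, or -1 on
 * invalid input: a byte outside the alphabet (including any non-ASCII byte),
 * a length that is not a multiple of 4, misplaced padding, or an output
 * buffer that is too small. */
long b64_decode(const char *in, size_t inlen, unsigned char *out, size_t outcap)
{
    if (inlen % 4 != 0)
        return -1;
    size_t o = 0;
    for (size_t i = 0; i < inlen; i += 4) {
        int v[4];
        int pad = 0;
        for (int k = 0; k < 4; k++) {
            /* widen through unsigned char so 0x80..0xFF stay in 128..255 */
            unsigned char c = (unsigned char)in[i + k];
            if (c == '=') {
                /* '=' is only legal in the last two slots of the final quad */
                if (i + 4 != inlen || k < 2)
                    return -1;
                pad++;
                v[k] = 0;
            } else {
                if (pad) /* data after padding is malformed */
                    return -1;
                v[k] = b64_rev_lookup(c);
                if (v[k] < 0)
                    return -1;
            }
        }
        uint32_t triple = ((uint32_t)v[0] << 18) | ((uint32_t)v[1] << 12) |
                          ((uint32_t)v[2] << 6) | (uint32_t)v[3];
        size_t n = 3 - (size_t)pad;
        if (o + n > outcap)
            return -1;
        out[o++] = (unsigned char)(triple >> 16);
        if (n > 1)
            out[o++] = (unsigned char)(triple >> 8);
        if (n > 2)
            out[o++] = (unsigned char)triple;
    }
    return (long)o;
}
```

The defensive rule this encodes: whenever a byte from the wire is used as an array index, convert it to unsigned char first and bound it against the array length with an explicit comparison, rather than relying on a sign test whose meaning changes between compilers and architectures. A unit test that feeds the decoder a byte in the 0x80-0xFF range on an AArch64 build is the quickest way to catch a regression of this kind.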

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server-supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out-of-bounds read. This vulnerability is fixed in 3.20.1. (CVE-2026-22859)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client-side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue. (CVE-2026-23732)


Affected Packages:

freerdp


Issue Correction:
Run dnf update freerdp --releasever 2023.10.20260216 or dnf update --advisory ALAS2023-2026-1433 --releasever 2023.10.20260216 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    freerdp-server-debuginfo-3.6.3-1.amzn2023.0.3.aarch64
    freerdp-libs-debuginfo-3.6.3-1.amzn2023.0.3.aarch64
    libwinpr-debuginfo-3.6.3-1.amzn2023.0.3.aarch64
    libwinpr-3.6.3-1.amzn2023.0.3.aarch64
    freerdp-debuginfo-3.6.3-1.amzn2023.0.3.aarch64
    freerdp-server-3.6.3-1.amzn2023.0.3.aarch64
    freerdp-3.6.3-1.amzn2023.0.3.aarch64
    libwinpr-devel-3.6.3-1.amzn2023.0.3.aarch64
    freerdp-devel-3.6.3-1.amzn2023.0.3.aarch64
    freerdp-libs-3.6.3-1.amzn2023.0.3.aarch64
    freerdp-debugsource-3.6.3-1.amzn2023.0.3.aarch64

src:
    freerdp-3.6.3-1.amzn2023.0.3.src

x86_64:
    libwinpr-devel-3.6.3-1.amzn2023.0.3.x86_64
    freerdp-server-debuginfo-3.6.3-1.amzn2023.0.3.x86_64
    libwinpr-debuginfo-3.6.3-1.amzn2023.0.3.x86_64
    freerdp-debuginfo-3.6.3-1.amzn2023.0.3.x86_64
    freerdp-3.6.3-1.amzn2023.0.3.x86_64
    freerdp-libs-debuginfo-3.6.3-1.amzn2023.0.3.x86_64
    freerdp-server-3.6.3-1.amzn2023.0.3.x86_64
    libwinpr-3.6.3-1.amzn2023.0.3.x86_64
    freerdp-libs-3.6.3-1.amzn2023.0.3.x86_64
    freerdp-devel-3.6.3-1.amzn2023.0.3.x86_64
    freerdp-debugsource-3.6.3-1.amzn2023.0.3.x86_64