CVE-2026-24675: Freerdp Cve 2026 24675

The object returned by `get_MsConfig` is owned by the device object. Explicitly freeing it with `msusb_msconfig_free` causes a use-after-free vulnerability when the device object later dereferences the dangling pointer. Do not free this structure directly.

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0c

greprules fetch cve-2026-24675-freerdp-cve-2026-24675 --engine opengrep

Description

The object returned by `get_MsConfig` is owned by the device object. Explicitly freeing it with `msusb_msconfig_free` causes a use-after-free vulnerability when the device object later dereferences the dangling pointer. Do not free this structure directly.

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Trust signals: 108 downloads
0 direct108 via packs
· 0 stars · Trust score 61How trust works
Included packs: 2 packs

Community feedback

Sign in to report false positives, mark this rule useful, or suggest metadata improvements.

Mark useful Report false positive Suggest metadata