{
  "threat_severity" : "Moderate",
  "public_date" : "2026-01-14T17:43:28Z",
  "bugzilla" : {
    "description" : "freerdp: FreeRDP RDPGFX ResetGraphics race",
    "id" : "2429651",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2429651"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-825",
  "details" : [ "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1.", "A data race has been discovered in FreeRDP. This race condition exists between the RDPGFX dynamic virtual channel thread and the SDL render thread and leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-22851\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-22851\nhttps://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8g87-6pvc-wh99" ],
  "name" : "CVE-2026-22851",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}