FreeRDP Denial-of-Service Vulnerability in Anaconda Remote Install Feature

Vulnerability

A denial-of-service vulnerability has been identified in FreeRDP, which is used by Anaconda's remote installation feature. The issue arises when a crafted RDP packet is received, causing a segmentation fault that crashes the service and leaves it non-functional. The crash is likely due to a NULL pointer dereference. Because it occurs during the pre-boot (installer) phase, a system reboot is required to recover. Note that the remote installation feature must be explicitly enabled by the system administrator; it is not enabled by default in most Red Hat Enterprise Linux deployments.

Impact

Exploitation of this vulnerability leads to a crash of the FreeRDP process, causing a denial-of-service condition where the service becomes unresponsive and requires a system reboot to restore functionality.

Reproduction

To reproduce this vulnerability, enable the remote installation feature in Anaconda on a system running Red Hat Enterprise Linux. During the pre-boot phase, send a crafted RDP packet to the installer. This will trigger a segmentation fault in FreeRDP, causing the process to crash and the service to become defunct.

Remediation

Users can apply the available update for FreeRDP through the Red Hat Enterprise Linux 10 channels. Instructions for applying the update can be found in the Red Hat Enterprise Linux 10 Release Notes.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread:         5.4
impact:         2.5
exploitability: 5.0
remediation:    7.7
relevance:      0.0
threat:         1.6
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.