The flaw, designated as CVE-2025-5024, affects multiple versions of Red Hat Enterprise Linux and carries a CVSS score of 7.4, indicating high severity.
Security researchers have identified this as an uncontrolled resource consumption vulnerability that could lead to persistent system instability even after service restarts.
The security flaw emerges when gnome-remote-desktop begins listening for incoming RDP connections, creating an attack surface that malicious actors can exploit without any authentication requirements.
Attackers can craft malformed RDP Protocol Data Units (PDUs) and send them to vulnerable systems, triggering excessive resource consumption that ultimately leads to process crashes.
The vulnerability falls under the Common Weakness Enumeration classification CWE-400, which specifically addresses uncontrolled resource consumption issues.
What makes this vulnerability particularly concerning is its potential for repeated exploitation. Attackers can continuously send malicious packets to maintain pressure on system resources, creating a sustained denial-of-service condition.
The attack requires no special privileges or user interaction beyond the initial connection attempt, making it relatively straightforward for threat actors to implement.
The network-based attack vector means that any system running gnome-remote-desktop and accepting RDP connections could be targeted remotely.
The vulnerability has been confirmed to affect multiple major enterprise Linux distributions, specifically Red Hat Enterprise Linux versions 8, 9, and 10.
All systems running gnome-remote-desktop packages within these distributions should be considered vulnerable unless explicitly patched.
The scope of impact extends beyond simple service disruption, as repeated attacks can trigger resource leaks that persist even after the gnome-remote-desktop process is restarted through systemd.
These resource leaks represent a particularly troublesome aspect of the vulnerability, as they can accumulate over time and eventually prevent gnome-remote-desktop from performing basic file operations.
This degradation means that even after administrators attempt to recover the service through standard restart procedures, the underlying system may remain compromised.
Organizations relying on remote desktop functionality for critical operations could face extended service outages that require more comprehensive system recovery procedures.
The Common Vulnerability Scoring System assessment reveals several key factors that contribute to the vulnerability’s high severity rating.
The attack complexity is rated as low, indicating that exploitation does not require sophisticated techniques or specialized knowledge.
The changed scope rating suggests that successful exploitation can impact resources beyond the immediate target component, potentially affecting overall system stability and performance.
Security teams should prioritize patching efforts for this vulnerability, particularly in environments where RDP access is essential for business operations.
Organizations should consider implementing network-level protections such as rate limiting and connection monitoring to detect potential exploitation attempts.
Until patches are available, administrators might consider temporarily disabling RDP functionality or restricting access through firewall rules to trusted IP addresses only.
The preliminary nature of current CVSS scores indicates that further analysis may reveal additional impact dimensions, making prompt attention to this vulnerability even more critical.
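The connection monitoring and trusted-address restriction suggested above can be prototyped offline before committing to firewall rules. The following is an added example, not code from the original article or from the GNOME project; the log format, port 3389, the trusted network and the thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

RDP_PORT = 3389                          # assumption: service listens on the default RDP port
TRUSTED = [ip_network("192.0.2.0/28")]   # assumption: admin jump-host range
WINDOW = timedelta(seconds=60)           # assumption: sliding window length
MAX_CONNS = 5                            # assumption: new connections allowed per window

# Constructed sample, one new TCP connection per line, in time order:
# "<ISO timestamp> <source IP> <destination port>"
SAMPLE = """\
2025-06-01T10:00:00 192.0.2.5 3389
2025-06-01T10:00:01 198.51.100.23 3389
2025-06-01T10:00:02 198.51.100.23 3389
2025-06-01T10:00:03 198.51.100.23 3389
2025-06-01T10:00:04 198.51.100.23 3389
2025-06-01T10:00:05 198.51.100.23 3389
2025-06-01T10:00:06 198.51.100.23 3389
2025-06-01T10:00:30 203.0.113.9 22
2025-06-01T10:05:00 203.0.113.9 3389
2025-06-01T10:09:00 192.0.2.5 3389
"""

def review(lines):
    """Return {source_ip: set of findings} for connections to the RDP port."""
    recent = defaultdict(deque)    # per-source timestamps still inside the window
    findings = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        ts_text, src_text, port_text = line.split()
        if int(port_text) != RDP_PORT:
            continue               # only the RDP listener is of interest here
        ts, src = datetime.fromisoformat(ts_text), ip_address(src_text)
        if not any(src in net for net in TRUSTED):
            findings[src_text].add("untrusted-source")   # a firewall allowlist would block this
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] > WINDOW:                     # drop timestamps older than the window
            seen.popleft()
        if len(seen) > MAX_CONNS:
            findings[src_text].add("rate-exceeded")      # candidate for rate limiting
    return dict(findings)

if __name__ == "__main__":
    for ip, flags in sorted(review(SAMPLE.splitlines()).items()):
        print(ip, ", ".join(sorted(flags)))
```

Sources flagged as untrusted indicate where an allowlist rule would have blocked the connection, and sources flagged for rate show where a per-source limit would have applied.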
The post GNOME RDP Vulnerability Allows Resource Exhaustion and Process Crash appeared first on Cyber Security News.