freerdp3: fix CVE-2026-24675

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24675
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-24675.patch

@@ -0,0 +1,32 @@
+From be9e04d4060bd826eeb94dc0689d261391f74722 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Mon, 26 Jan 2026 11:54:56 +0100
+Subject: [PATCH] [channels,urbdrc] do not free MsConfig on failure
+
+let the channel handle it later.
+
+(cherry picked from commit d676518809c319eec15911c705c13536036af2ae)
+
+CVE: CVE-2026-24675
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/d676518809c319eec15911c705c13536036af2ae]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ channels/urbdrc/client/data_transfer.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/channels/urbdrc/client/data_transfer.c b/channels/urbdrc/client/data_transfer.c
+index 7a7e5a2b4..074a8c05b 100644
+--- a/channels/urbdrc/client/data_transfer.c
++++ b/channels/urbdrc/client/data_transfer.c
+@@ -581,10 +581,8 @@ static UINT urb_select_interface(IUDEVICE* pdev, GENERIC_CHANNEL_CALLBACK* callb
+ 	MsConfig = pdev->get_MsConfig(pdev);
+ 	InterfaceNumber = MsInterface->InterfaceNumber;
+ 	if (!msusb_msinterface_replace(MsConfig, InterfaceNumber, MsInterface))
+-	{
+-		msusb_msconfig_free(MsConfig);
+ 		return ERROR_BAD_CONFIGURATION;
+-	}
++
+ 	/* complete configuration setup */
+ 	if (!pdev->complete_msconfig_setup(pdev, MsConfig))
+ 	{

meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb

@@ -24,6 +24,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
            file://CVE-2026-33952.patch \
            file://CVE-2026-23948.patch \
            file://CVE-2026-24491.patch \
+           file://CVE-2026-24675.patch \
            "
 
 S = "${WORKDIR}/git"