CVE-2026-31524 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

HID: asus: avoid memory leak in asus_report_fixup()

The asus_report_fixup() function was returning a newly allocated
kmemdup()-allocated buffer, but never freeing it. Switch to
devm_kzalloc() to ensure the memory is managed and freed automatically
when the device is removed.

The caller of report_fixup() does not take ownership of the returned
pointer, but it is permitted to return a pointer whose lifetime is at
least that of the input buffer.

Also fix a harmless out-of-bounds read by copying only the original
descriptor size.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 726765b43deb2b4723869d673cc5fc6f7a3b2059
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< ede95cfcab8064d9a08813fbd7ed42cea8843dcf
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< f20f17cffbe34fb330267e0f8084f5565f807444
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 84724ac4821a160d47b84289adf139023027bdbb
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 2bad24c17742fc88973d6aea526ce1353f5334a3

Linux

affected

Version	Status	Constraints
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.168`	unaffected	≤ 6.1.*
`6.6.131`	unaffected	≤ 6.6.*
`6.12.80`	unaffected	≤ 6.12.*
`6.18.21`	unaffected	≤ 6.18.*
`6.19.11`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/2bad24c17742fc88973d6aea526ce1353f5334a3
https://git.kernel.org/stable/c/2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973
https://git.kernel.org/stable/c/726765b43deb2b4723869d673cc5fc6f7a3b2059
https://git.kernel.org/stable/c/7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd
https://git.kernel.org/stable/c/84724ac4821a160d47b84289adf139023027bdbb
https://git.kernel.org/stable/c/a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c
https://git.kernel.org/stable/c/ede95cfcab8064d9a08813fbd7ed42cea8843dcf
https://git.kernel.org/stable/c/f20f17cffbe34fb330267e0f8084f5565f807444

History

Wed, 22 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in asus_report_fixup() The asus_report_fixup() function was returning a newly allocated kmemdup()-allocated buffer, but never freeing it. Switch to devm_kzalloc() to ensure the memory is managed and freed automatically when the device is removed. The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a pointer whose lifetime is at least that of the input buffer. Also fix a harmless out-of-bounds read by copying only the original descriptor size.
Title		HID: asus: avoid memory leak in asus_report_fixup()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2bad24c17742fc88973d6aea526ce1353f5334a3 https://git.kernel.org/stable/c/2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973 https://git.kernel.org/stable/c/726765b43deb2b4723869d673cc5fc6f7a3b2059 https://git.kernel.org/stable/c/7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd https://git.kernel.org/stable/c/84724ac4821a160d47b84289adf139023027bdbb https://git.kernel.org/stable/c/a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c https://git.kernel.org/stable/c/ede95cfcab8064d9a08813fbd7ed42cea8843dcf https://git.kernel.org/stable/c/f20f17cffbe34fb330267e0f8084f5565f807444

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-22T13:54:38.389Z

Updated: 2026-04-22T13:54:38.389Z

Reserved: 2026-03-09T15:48:24.110Z

Link: CVE-2026-31524

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-22T14:16:52.430

Modified: 2026-04-22T14:16:52.430

Link: CVE-2026-31524

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T18:45:23Z

Weaknesses

No weakness.

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object