CVE-2026-31524
Published: Apr 22, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in asus_report_fixup() The asus_report_fixup() function was returning a newly allocated kmemdup()-allocated buffer, but never freeing it. Switch to devm_kzalloc() to ensure the memory is managed and freed automatically when the device is removed. The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a pointer whose lifetime is at least that of the input buffer. Also fix a harmless out-of-bounds read by copying only the original descriptor size.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 5703e52cc711bc01e72cf12b86a126909c79d213 - < 726765b43deb2b4723869d673cc5fc6f7a3b2059affected 5703e52cc711bc01e72cf12b86a126909c79d213 - < ede95cfcab8064d9a08813fbd7ed42cea8843dcfaffected 5703e52cc711bc01e72cf12b86a126909c79d213 - < 2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973affected 5703e52cc711bc01e72cf12b86a126909c79d213 - < f20f17cffbe34fb330267e0f8084f5565f807444affected 5703e52cc711bc01e72cf12b86a126909c79d213 - < 7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd+3 more versions |
Linux | Linux | affected 4.14unaffected 0 - < 4.14unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now