CVE-2026-31524

HID: asus: avoid memory leak in asus_report_fixup()

Description

In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in asus_report_fixup() The asus_report_fixup() function was returning a newly allocated kmemdup()-allocated buffer, but never freeing it. Switch to devm_kzalloc() to ensure the memory is managed and freed automatically when the device is removed. The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a pointer whose lifetime is at least that of the input buffer. Also fix a harmless out-of-bounds read by copying only the original descriptor size.

INFO

Published Date :

2026-04-22T13:54:38.389Z

Last Modified :

2026-04-23T15:18:42.494Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2026-31524 vulnerability.

Vendors	Products
Linux	Linux Kernel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31524.

URL	Resource
https://git.kernel.org/stable/c/2bad24c17742fc88973d6aea526ce1353f5334a3
https://git.kernel.org/stable/c/2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973
https://git.kernel.org/stable/c/726765b43deb2b4723869d673cc5fc6f7a3b2059
https://git.kernel.org/stable/c/7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd
https://git.kernel.org/stable/c/84724ac4821a160d47b84289adf139023027bdbb
https://git.kernel.org/stable/c/a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c
https://git.kernel.org/stable/c/ede95cfcab8064d9a08813fbd7ed42cea8843dcf
https://git.kernel.org/stable/c/f20f17cffbe34fb330267e0f8084f5565f807444
https://lore.kernel.org/linux-cve-announce/2026042213-CVE-2026-31524-3f28@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31524
https://www.cve.org/CVERecord?id=CVE-2026-31524

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact