CVE-2026-31524

MEDIUM EPSS 2.4%
Published Apr 22, 2026 (2mo ago) · Modified Jun 17, 2026 (1w ago)
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: asus: avoid memory leak in asus_report_fixup()

The asus_report_fixup() function was returning a newly allocated kmemdup()-allocated buffer, but never freeing it. Switch to devm_kzalloc() to ensure the memory is managed and freed automatically when the device is removed.

The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a pointer whose lifetime is at least that of the input buffer.

Also fix a harmless out-of-bounds read by copying only the original descriptor size.
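The ownership problem described above, as a userspace C model added here for illustration; it is not the kernel patch. `model_alloc`, `dev_remove`, `fixup`, `live_after_remove` and the 4-byte descriptor are assumptions standing in for kmemdup()/devm_kzalloc(), device removal and the real report descriptor.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct node { struct node *next; };              /* header in front of each buffer */
struct mdev { struct node *managed; int live; }; /* live = buffers not yet freed */

/* managed: stand-in for devm_kzalloc(), linked to the device; else an orphan copy. */
static void *model_alloc(struct mdev *d, size_t n, int managed)
{
    struct node *h = calloc(1, sizeof(*h) + n);
    if (!h) return NULL;
    if (managed) { h->next = d->managed; d->managed = h; }
    d->live++;
    return h + 1;
}

static void dev_remove(struct mdev *d)   /* device removal frees managed buffers */
{
    for (struct node *h; (h = d->managed) != NULL; d->live--) {
        d->managed = h->next;
        free(h);
    }
}

/* Fixup that appends 'extra' zero bytes; copies only the original *rsize bytes. */
static const uint8_t *fixup(struct mdev *d, int managed, const uint8_t *rdesc,
                            size_t *rsize, size_t extra)
{
    uint8_t *n = model_alloc(d, *rsize + extra, managed);
    if (!n) return rdesc;                /* allocation failed: keep the original */
    memcpy(n, rdesc, *rsize);
    *rsize += extra;
    return n;                            /* the caller never frees this pointer */
}

/* Run 'calls' fixups, remove the device, return buffers still allocated. */
static int live_after_remove(int managed, int calls)
{
    static const uint8_t rdesc[4] = { 0x05, 0x01, 0x09, 0x06 }; /* constructed */
    struct mdev d = { NULL, 0 };
    int ok = 1;
    for (int i = 0; i < calls; i++) {
        size_t sz = sizeof(rdesc);
        const uint8_t *out = fixup(&d, managed, rdesc, &sz, 1);
        ok &= sz == 5 && !memcmp(out, rdesc, 4) && out[4] == 0;
    }
    dev_remove(&d);
    return ok ? d.live : -1;  /* unmanaged copies are unreachable here: the leak */
}
```

With `managed` set to 0 every call leaves one buffer behind after removal, so the count grows with each invocation; with `managed` set to 1 the count returns to zero.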

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 9

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.14 – <5.10.253
linux   linux_kernel  *        ≥5.11 – <5.15.203
linux   linux_kernel  *        ≥5.16 – <6.1.168
linux   linux_kernel  *        ≥6.2 – <6.6.131
linux   linux_kernel  *        ≥6.7 – <6.12.80
linux   linux_kernel  *        ≥6.13 – <6.18.21
linux   linux_kernel  *        ≥6.19 – <6.19.11
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/2bad24c17742fc88973d6aea526ce1353f5334a3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/726765b43deb2b4723869d673cc5fc6f7a3b2059
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/84724ac4821a160d47b84289adf139023027bdbb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ede95cfcab8064d9a08813fbd7ed42cea8843dcf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f20f17cffbe34fb330267e0f8084f5565f807444
    Patch

Remediation

Patches: the eight git.kernel.org stable commits listed under References.