HID: asus: avoid memory leak in asus_report_fixup()

Summary

CVE: CVE-2026-31524
State: PUBLISHED
Assigner: Linux
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2026-04-22 14:16:52 UTC
Updated: 2026-04-28 18:07:48 UTC
Description: In the Linux kernel, the following vulnerability has been resolved:

HID: asus: avoid memory leak in asus_report_fixup()

The asus_report_fixup() function was returning a newly allocated kmemdup()-allocated buffer, but never freeing it. Switch to devm_kzalloc() to ensure the memory is managed and freed automatically when the device is removed.

The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a pointer whose lifetime is at least that of the input buffer.

Also fix a harmless out-of-bounds read by copying only the original descriptor size.

Risk And Classification

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.000240000 probability, percentile 0.067930000 (date 2026-04-26)

Problem Types: CWE-401

CVSS v3.1 Breakdown

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

NVD Known Affected Configurations (CPE 2.3)

Type Vendor Product Version Update Edition Language
Operating System Linux Linux Kernel All All All All

Vendor Declared Affected Products

Source Vendor Product Version Platforms
CNA Linux Linux affected 5703e52cc711bc01e72cf12b86a126909c79d213 726765b43deb2b4723869d673cc5fc6f7a3b2059 git Not specified
CNA Linux Linux affected 5703e52cc711bc01e72cf12b86a126909c79d213 ede95cfcab8064d9a08813fbd7ed42cea8843dcf git Not specified
CNA Linux Linux affected 5703e52cc711bc01e72cf12b86a126909c79d213 2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973 git Not specified
CNA Linux Linux affected 5703e52cc711bc01e72cf12b86a126909c79d213 f20f17cffbe34fb330267e0f8084f5565f807444 git Not specified
CNA Linux Linux affected 5703e52cc711bc01e72cf12b86a126909c79d213 7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd git Not specified
CNA Linux Linux affected 5703e52cc711bc01e72cf12b86a126909c79d213 a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c git Not specified
CNA Linux Linux affected 5703e52cc711bc01e72cf12b86a126909c79d213 84724ac4821a160d47b84289adf139023027bdbb git Not specified
CNA Linux Linux affected 5703e52cc711bc01e72cf12b86a126909c79d213 2bad24c17742fc88973d6aea526ce1353f5334a3 git Not specified
CNA Linux Linux affected 4.14 Not specified
CNA Linux Linux unaffected 4.14 semver Not specified
CNA Linux Linux unaffected 5.10.253 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.203 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.168 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.131 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.80 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.21 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.11 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

Reference Source Link Tags
git.kernel.org/stable/c/2bad24c17742fc88973d6aea526ce1353f5334a3 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/f20f17cffbe34fb330267e0f8084f5565f807444 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/ede95cfcab8064d9a08813fbd7ed42cea8843dcf 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/726765b43deb2b4723869d673cc5fc6f7a3b2059 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/84724ac4821a160d47b84289adf139023027bdbb 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis