CVE-2026-31524: Linux Kernel HID ASUS Memory Leak & OOB Read
CVE-2026-31524 Published on April 22, 2026
HID: asus: avoid memory leak in asus_report_fixup()
In the Linux kernel, the following vulnerability has been resolved:
HID: asus: avoid memory leak in asus_report_fixup()
The asus_report_fixup() function was returning a newly allocated
kmemdup()-allocated buffer, but never freeing it. Switch to
devm_kzalloc() to ensure the memory is managed and freed automatically
when the device is removed.
The caller of report_fixup() does not take ownership of the returned
pointer, but it is permitted to return a pointer whose lifetime is at
least that of the input buffer.
Also fix a harmless out-of-bounds read by copying only the original
descriptor size.
Products Associated with CVE-2026-31524
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 726765b43deb2b4723869d673cc5fc6f7a3b2059 is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below ede95cfcab8064d9a08813fbd7ed42cea8843dcf is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973 is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below f20f17cffbe34fb330267e0f8084f5565f807444 is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 7a6d6e4d8af044f94fa97e97af5ff2771e1fbebd is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below a41cc7c1668e44ff2c2d36f9a6353253ffc43e3c is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 84724ac4821a160d47b84289adf139023027bdbb is affected.
- Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and below 2bad24c17742fc88973d6aea526ce1353f5334a3 is affected.
- Version 5.10.253, <= 5.10.* is unaffected.
- Version 5.15.203, <= 5.15.* is unaffected.
- Version 6.1.168, <= 6.1.* is unaffected.
- Version 6.6.131, <= 6.6.* is unaffected.
- Version 6.12.80, <= 6.12.* is unaffected.
- Version 6.18.21, <= 6.18.* is unaffected.
- Version 6.19.11, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.