CVE-2026-31520

Summary

In the Linux kernel, the following vulnerability has been resolved:

HID: apple: avoid memory leak in apple_report_fixup()

The apple_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it.

The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a sub-portion of the input rdesc, whose lifetime is managed by the caller.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6e143293e17a73c9313f91c5ca3aaacbaef030cf < e2f090aeb7b9930a964e151910f4d45b04c8a7e5affected
LinuxLinux6e143293e17a73c9313f91c5ca3aaacbaef030cf < 2635d0c715f3fb177e0f80ecd5fa48feb6bf3884affected
LinuxLinux6e143293e17a73c9313f91c5ca3aaacbaef030cf < 31860c3f7ac66ab897a8c90dc4e74fa17ca0b624affected
LinuxLinux6e143293e17a73c9313f91c5ca3aaacbaef030cf < be1a341c161430282acdfe2ac99b413271575cf1affected
LinuxLinux6e143293e17a73c9313f91c5ca3aaacbaef030cf < e652ebd29928181c3e6820e303da25873e9917d4affected
LinuxLinux6e143293e17a73c9313f91c5ca3aaacbaef030cf < 239c15116d80f67d32f00acc34575f1a6b699613affected
LinuxLinux5.17affected
LinuxLinux0 < 5.17unaffected
LinuxLinux6.1.168 <= 6.1.*unaffected
LinuxLinux6.6.131 <= 6.6.*unaffected
LinuxLinux6.12.80 <= 6.12.*unaffected
LinuxLinux6.18.21 <= 6.18.*unaffected
LinuxLinux6.19.11 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References