Description
In the Linux kernel, the following vulnerability has been resolved:

HID: asus: avoid memory leak in asus_report_fixup()

The asus_report_fixup() function was returning a newly allocated
kmemdup()-allocated buffer, but never freeing it. Switch to
devm_kzalloc() to ensure the memory is managed and freed automatically
when the device is removed.

The caller of report_fixup() does not take ownership of the returned
pointer, but it is permitted to return a pointer whose lifetime is at
least that of the input buffer.

Also fix a harmless out-of-bounds read by copying only the original
descriptor size.
Published: 2026-04-22
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory leak and out‑of‑bounds read
Action: Apply Patch
AI Analysis

Impact

asus_report_fixup() in the Linux kernel's ASUS HID driver (drivers/hid/hid-asus.c) copied the incoming report descriptor into a kmemdup()-allocated buffer that nothing ever freed, so every device probe that takes this path leaks kernel heap memory for the life of the system; the fix allocates with devm_kzalloc() instead, so the buffer is released when the device is removed. The copy was also sized larger than the original descriptor, an out-of-bounds read that the commit message describes as harmless and that the fix bounds to the original descriptor size. The assessed impact is therefore availability (kernel memory consumed over time), not disclosure of kernel memory: the NVD vector scores confidentiality impact as none.
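As an added illustration (this is not code from the kernel or from the fix), the following user-space C model reproduces the two defects the commit message describes and the shape of the fix: a fixup callback that returns a freshly allocated buffer nobody frees, beside one that allocates from a device-managed pool released on device removal and copies only the original descriptor size. toy_device, devm_alloc(), device_remove(), copy_desc(), run_scenario() and the sample descriptor bytes are constructed for this example; they are stand-ins, not kernel APIs or real hardware data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed user-space model of the pattern in the commit message.  Nothing
 * here is kernel code: toy_device, devm_alloc(), device_remove() and copy_desc()
 * stand in for hid_device, devm_kzalloc(), device teardown and memcpy(), so the
 * leak and the over-read can be measured from a test. */

struct devres { void *ptr; struct devres *next; };
struct toy_device { struct devres *res; };   /* device-managed allocations */

static long   live_allocs;        /* heap blocks still outstanding (leak meter) */
static size_t input_bytes_read;   /* bytes the last fixup read from its input */

static void *tracked_alloc(size_t n) {
    void *p = calloc(1, n);
    if (p) live_allocs++;
    return p;
}
static void tracked_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Stand-in for devm_kzalloc(): the block belongs to the device and is released
 * when the device goes away, so it outlives the input descriptor, which the
 * caller keeps for the same device.  That is the lifetime report_fixup() needs. */
static void *devm_alloc(struct toy_device *dev, size_t n) {
    struct devres *r = malloc(sizeof *r);
    if (!r) return NULL;
    if (!(r->ptr = tracked_alloc(n))) { free(r); return NULL; }
    r->next = dev->res;
    dev->res = r;
    return r->ptr;
}

static void device_remove(struct toy_device *dev) {
    while (dev->res) {
        struct devres *r = dev->res;
        dev->res = r->next;
        tracked_free(r->ptr);
        free(r);
    }
}

static void copy_desc(uint8_t *dst, const uint8_t *src, size_t n) {
    memcpy(dst, src, n);
    input_bytes_read += n;
}

/* The fixup appends a fixed tail, so its output is larger than its input. */
#define FIXUP_EXTRA 4
static const uint8_t fixup_tail[FIXUP_EXTRA] = { 0xc0, 0xc0, 0xc0, 0xc0 };

/* Before the fix: a kmemdup()-style copy sized for the output, never freed. */
static const uint8_t *fixup_leaky(struct toy_device *dev,
                                  const uint8_t *rdesc, unsigned *rsize) {
    unsigned newsize = *rsize + FIXUP_EXTRA;
    uint8_t *buf = tracked_alloc(newsize);
    (void)dev;
    if (!buf) return rdesc;
    copy_desc(buf, rdesc, newsize);   /* reads FIXUP_EXTRA bytes past the input */
    memcpy(buf + *rsize, fixup_tail, FIXUP_EXTRA);
    *rsize = newsize;
    return buf;                       /* no owner: nothing ever frees this */
}

/* After the fix: device-managed block, copy only the original size. */
static const uint8_t *fixup_fixed(struct toy_device *dev,
                                  const uint8_t *rdesc, unsigned *rsize) {
    unsigned newsize = *rsize + FIXUP_EXTRA;
    uint8_t *buf = devm_alloc(dev, newsize);
    if (!buf) return rdesc;
    copy_desc(buf, rdesc, *rsize);    /* bounded by the input size */
    memcpy(buf + *rsize, fixup_tail, FIXUP_EXTRA);
    *rsize = newsize;
    return buf;                       /* released by device_remove() */
}

/* Probe a device with a constructed 8-byte descriptor, run one fixup, tear the
 * device down, and return how many blocks are still allocated.  The trailing
 * padding exists only so the leaky variant's over-read stays inside the array. */
static long run_scenario(int use_fixed) {
    static const uint8_t sample[8 + FIXUP_EXTRA] =
        { 0x05, 0x01, 0x09, 0x06, 0xa1, 0x01, 0x85, 0x01, 0, 0, 0, 0 };
    struct toy_device dev = { NULL };
    unsigned rsize = 8;

    live_allocs = 0;
    input_bytes_read = 0;
    (void)(use_fixed ? fixup_fixed(&dev, sample, &rsize)   /* the HID core would */
                     : fixup_leaky(&dev, sample, &rsize)); /* parse the result   */
    device_remove(&dev);        /* device unplugged: devm blocks released */
    return live_allocs;         /* 0 means nothing outlived the device */
}

int main(void) {
    long leaked = run_scenario(0);
    printf("leaky: %ld block(s) leaked, %zu input bytes read\n", leaked, input_bytes_read);
    leaked = run_scenario(1);
    printf("fixed: %ld block(s) leaked, %zu input bytes read\n", leaked, input_bytes_read);
    return 0;
}
```

Built with any C99 compiler, the leaky variant reports one block still allocated after the device is removed and reads four bytes beyond the descriptor size it was given; the fixed variant reports zero and reads exactly the original size. On a real kernel the equivalent check for the leak half is kmemleak (CONFIG_DEBUG_KMEMLEAK) on a host that repeatedly probes the affected device.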

Affected Systems

The issue is in the ASUS HID driver (hid-asus) of the Linux kernel. The Description does not name affected releases; the NVD CPE data on this page lists 7.0-rc1 and 7.0-rc2, and Debian has published advisories for linux-6.1 (DLA-4561-1) and linux (DSA-6238-1, DSA-6243-1), so any kernel carrying the unpatched driver should be treated as affected until the fix is confirmed in its changelog.

Risk and Exploitability

The flaw is in kernel code that runs when a report descriptor is fixed up for an ASUS HID device, so reaching it requires local access and a device whose descriptor is handed to this driver; each such probe leaks one buffer. The NVD CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) scores it 5.5 Medium: local attack vector, low privileges, availability impact only, and no confidentiality impact, which matches the commit message calling the out-of-bounds read harmless. Red Hat rates it Low, EPSS is below 1%, and the CVE is not in the CISA KEV catalog. The practical concern is long-term stability on hosts where the affected device is probed repeatedly, since the leaked memory is never returned until reboot.

Generated by OpenCVE AI on April 28, 2026 at 23:56 UTC.

Remediation

No vendor fix or workaround is recorded in this entry. The Description states that the fix is merged upstream in the Linux kernel, and Debian has issued advisories for it (see Advisories below).

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the upstream fix for asus_report_fixup(). The patched driver allocates the fixed-up descriptor with devm_kzalloc(), so it is freed with the device, and copies only the original descriptor size.
  • Reboot after the kernel upgrade so the updated kernel and driver are loaded. Memory already leaked by the old driver is only reclaimed by the reboot.
  • Confirm the running kernel is a fixed build (compare `uname -r` against your distribution's advisory) and that ASUS HID devices still work. On hosts that do not need the driver, blacklisting the hid_asus module until the fixed kernel is installed removes the leaking code path.

Advisories
Source      ID          Title
Debian DLA  DLA-4561-1  linux-6.1 security update
Debian DSA  DSA-6238-1  linux security update
Debian DSA  DSA-6243-1  linux security update
History

Tue, 28 Apr 2026 18:15:00 +0000

Type        Values Removed   Values Added
Weaknesses                   CWE-401
CPEs                         cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
                             cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*

Thu, 23 Apr 2026 00:15:00 +0000

Type        Values Removed         Values Added
Weaknesses                         CWE-763
References
Metrics     threat_severity: None  cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
                                   threat_severity: Low


Wed, 22 Apr 2026 14:15:00 +0000

Type                 Values Removed   Values Added
Description                           In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in asus_report_fixup() The asus_report_fixup() function was returning a newly allocated kmemdup()-allocated buffer, but never freeing it. Switch to devm_kzalloc() to ensure the memory is managed and freed automatically when the device is removed. The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a pointer whose lifetime is at least that of the input buffer. Also fix a harmless out-of-bounds read by copying only the original descriptor size.
Title                                 HID: asus: avoid memory leak in asus_report_fixup()
First Time appeared                   Linux
                                      Linux linux Kernel
CPEs                                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products                    Linux
                                      Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:10:27.784Z

Reserved: 2026-03-09T15:48:24.110Z

Link: CVE-2026-31524

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-22T14:16:52.430

Modified: 2026-04-28T18:07:48.083

Link: CVE-2026-31524

Redhat

Severity : Low

Public Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31524 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T00:00:13Z

Weaknesses