CVE-2026-31520 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

HID: apple: avoid memory leak in apple_report_fixup()

The apple_report_fixup() function was returning a
newly kmemdup()-allocated buffer, but never freeing it.

The caller of report_fixup() does not take ownership of the returned
pointer, but it *is* permitted to return a sub-portion of the input
rdesc, whose lifetime is managed by the caller.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/239c15116d80f67d32f00acc34575f1a6b699613
https://git.kernel.org/stable/c/2635d0c715f3fb177e0f80ecd5fa48feb6bf3884
https://git.kernel.org/stable/c/31860c3f7ac66ab897a8c90dc4e74fa17ca0b624
https://git.kernel.org/stable/c/be1a341c161430282acdfe2ac99b413271575cf1
https://git.kernel.org/stable/c/e2f090aeb7b9930a964e151910f4d45b04c8a7e5
https://git.kernel.org/stable/c/e652ebd29928181c3e6820e303da25873e9917d4

History

Wed, 22 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in apple_report_fixup() The apple_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it. The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a sub-portion of the input rdesc, whose lifetime is managed by the caller.
Title		HID: apple: avoid memory leak in apple_report_fixup()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/239c15116d80f67d32f00acc34575f1a6b699613 https://git.kernel.org/stable/c/2635d0c715f3fb177e0f80ecd5fa48feb6bf3884 https://git.kernel.org/stable/c/31860c3f7ac66ab897a8c90dc4e74fa17ca0b624 https://git.kernel.org/stable/c/be1a341c161430282acdfe2ac99b413271575cf1 https://git.kernel.org/stable/c/e2f090aeb7b9930a964e151910f4d45b04c8a7e5 https://git.kernel.org/stable/c/e652ebd29928181c3e6820e303da25873e9917d4

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-22T13:54:35.534Z

Updated: 2026-04-22T13:54:35.534Z

Reserved: 2026-03-09T15:48:24.108Z

Link: CVE-2026-31520

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-22T14:16:51.770

Modified: 2026-04-22T14:16:51.770

Link: CVE-2026-31520

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T19:30:24Z

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object