Memory Leak Issue in Apple HID Driver for Linux Kernel
CVE-2026-31520

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 22 April 2026

What is CVE-2026-31520?

A memory leak vulnerability exists in the Apple HID driver in the Linux kernel, specifically in the apple_report_fixup() function. The function allocates a new buffer with kmemdup() and returns it, but the buffer is never freed. The caller does not take ownership of the returned pointer; the function may, however, return a sub-portion of the input rdesc, whose lifetime is managed by the caller. The leak can cause unintended resource consumption and system instability.
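The ownership contract described above, modelled in user space as an added example (this is not the kernel driver's code or the upstream patch). `dup_buf()` stands in for kmemdup(); the function names, the sample bytes and the drop-one-leading-byte transformation are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static int live_allocs; /* buffers handed out by dup_buf() and never freed */

/* Hypothetical stand-in for kmemdup(): heap copy, counted for the demo. */
static uint8_t *dup_buf(const uint8_t *src, size_t n)
{
    uint8_t *p = malloc(n);
    if (p) { memcpy(p, src, n); live_allocs++; }
    return p;
}

/* Leaky pattern: returns a fresh allocation that the caller never frees. */
static const uint8_t *fixup_leaky(uint8_t *rdesc, size_t *rsize)
{
    uint8_t *copy = (*rsize < 2) ? NULL : dup_buf(rdesc + 1, *rsize - 1);
    if (!copy)
        return rdesc;
    *rsize -= 1;
    return copy;
}

/* Leak-free pattern: returns a sub-portion of the caller-owned buffer. */
static const uint8_t *fixup_subrange(uint8_t *rdesc, size_t *rsize)
{
    if (*rsize < 2)
        return rdesc;
    *rsize -= 1;
    return rdesc + 1;
}

/* Caller model: owns rdesc, reads the returned view, frees only rdesc.
 * Returns the number of leaked buffers, or -1 if the view is wrong. */
static int run_caller(const uint8_t *(*fixup)(uint8_t *, size_t *), int calls)
{
    static const uint8_t sample[] = {0x00, 0x05, 0x01, 0x09, 0x06, 0xc0}; /* constructed */
    live_allocs = 0;
    for (int i = 0; i < calls; i++) {
        size_t n = sizeof(sample);
        uint8_t *rdesc = malloc(n);
        if (!rdesc)
            break;
        memcpy(rdesc, sample, n);
        const uint8_t *view = fixup(rdesc, &n);
        int ok = (view[0] == sample[1] && n == sizeof(sample) - 1);
        free(rdesc); /* the only buffer the caller knows it owns */
        if (!ok)
            return -1;
    }
    return live_allocs;
}
int main(void) { return run_caller(fixup_subrange, 100) == 0 ? 0 : 1; }
```

Both variants hand the caller the same bytes; only the first leaves one unreachable buffer behind per call, which is the pattern tools such as kmemleak report in the kernel.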

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2635d0c715f3fb177e0f80ecd5fa48feb6bf3884

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 31860c3f7ac66ab897a8c90dc4e74fa17ca0b624

Timeline

  • Vulnerability published

  • Vulnerability Reserved