Memory Leak Vulnerability in Linux Kernel Affecting Magic Mouse Functionality
CVE-2026-31522
What is CVE-2026-31522?
A memory leak vulnerability has been identified in the Linux kernel's HID subsystem, specifically in the magicmouse_report_fixup() function. The issue arises because the function allocates a new buffer using kmemdup() that is not properly freed. The caller of report_fixup() is not responsible for managing the returned pointer's memory; the report_fixup() callback is, however, allowed to return a sub-portion of the input report descriptor (rdesc), whose memory the caller is responsible for. Failure to address this memory leak could lead to increased resource consumption and potentially impact system stability over time.
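A userspace C model of the ownership contract described above, added here as an illustration and not taken from the kernel source or from the fix. The names dup_counted() (standing in for kmemdup()), fixup_leaky(), fixup_subrange(), leaked_after() and the sample descriptor bytes are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model of the ownership contract; every name here is hypothetical. */
static uint8_t *copies[16]; static int live_copies; /* duplicates nobody freed */
typedef const uint8_t *(*fixup_fn)(uint8_t *rdesc, unsigned int *rsize);

/* Stand-in for kmemdup(): duplicate n bytes and record the allocation. */
static uint8_t *dup_counted(const uint8_t *src, size_t n) {
    uint8_t *p = live_copies < 16 ? malloc(n) : NULL;
    if (p) { memcpy(p, src, n); copies[live_copies++] = p; }
    return p;
}

/* Leaking pattern: returns a fresh copy that the caller will never free. */
static const uint8_t *fixup_leaky(uint8_t *rdesc, unsigned int *rsize) {
    uint8_t *copy = dup_counted(rdesc + 1, *rsize - 1);
    if (!copy) return rdesc;
    *rsize -= 1;
    return copy;
}

/* Safe pattern: returns a sub-portion of the caller-owned rdesc. */
static const uint8_t *fixup_subrange(uint8_t *rdesc, unsigned int *rsize) {
    *rsize -= 1;
    return rdesc + 1;
}

/* Model caller: frees only its own rdesc; returns buffers left unfreed (-1 on error). */
static int leaked_after(fixup_fn fixup, int n) {
    static const uint8_t sample[] = {0x00, 0x05, 0x01, 0x09, 0x02, 0xc0}; /* constructed */
    int ok = 1;
    for (int i = 0; i < n && ok; i++) {
        unsigned int size = sizeof(sample);
        uint8_t *rdesc = malloc(size);
        if (!rdesc) { ok = 0; break; }
        memcpy(rdesc, sample, size);
        const uint8_t *fixed = fixup(rdesc, &size);
        ok = fixed[0] == 0x05 && size == sizeof(sample) - 1;
        free(rdesc); /* the returned pointer is never freed by the caller */
    }
    int leaked = ok ? live_copies : -1;
    while (live_copies) free(copies[--live_copies]); /* demo cleanup only */
    return leaked;
}

int main(void) { /* exit status 0 when the model behaves as described */
    return !(leaked_after(fixup_leaky, 5) == 5 && leaked_after(fixup_subrange, 5) == 0);
}
```

In the model, each call through the leaking variant strands one buffer, while the sub-portion variant leaves nothing behind because the only allocation is the one the caller already owns and frees.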
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 579c4c9857acdc8380fa99803f355f878bd766cb
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7edfe4346b052b708645d0acc0f186425766b785