Memory Leak Vulnerability in Linux Kernel Affecting ASUS Devices
CVE-2026-31524

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31524?

A memory leak has been identified in the Linux kernel's asus_report_fixup() function, where allocated buffers from kmemdup() were not being freed properly. This oversight needed a method ensure automatic memory management. The fix involves using devm_kzalloc() to allow proper memory allocation and deallocation when the device is removed. Additionally, an unrelated out-of-bounds read issue has been addressed by restricting the copy process to the original descriptor size.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 726765b43deb2b4723869d673cc5fc6f7a3b2059

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2e4fe6b15c2f390c023b20d728b1a3fe7ea4f973

References

https://git.kernel.org/stable/c/726765b43deb2b4723869d673...

https://git.kernel.org/stable/c/ede95cfcab8064d9a08813fbd...

https://git.kernel.org/stable/c/2e4fe6b15c2f390c023b20d72...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31524 Data

JSON