PT-2026-34429 · Linux · Linux Kernel

Published 2026-04-22 · Updated 2026-05-26 · CVE-2026-31524

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A memory leak occurs in the asus_report_fixup() function, which returns a buffer allocated via kmemdup() without subsequently freeing it. Additionally, an out-of-bounds read exists where the function copies more data than the original descriptor size.

Recommendations

Update the asus_report_fixup() function to use devm_kzalloc() to ensure memory is automatically managed and freed upon device removal. Restrict the data copy process to only include the original descriptor size to prevent out-of-bounds reads.
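The two recommendations above, shown as an added userspace model (not the kernel patch and not code from this advisory): the enlarged descriptor is a zeroed allocation owned by the device, and only the original descriptor length is copied into it. All `model_*` names, the structs and the sample bytes are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Userspace model only: a device that owns its allocations (devm-style). */
struct managed { struct managed *next; unsigned char data[]; };
struct device_model { struct managed *res; size_t live; };

/* Zeroed, device-owned allocation (stand-in for devm_kzalloc()). */
static void *model_devm_zalloc(struct device_model *dev, size_t n)
{
    struct managed *m = calloc(1, sizeof(*m) + n);
    if (!m) return NULL;
    m->next = dev->res;
    dev->res = m;
    dev->live++;
    return m->data;
}

/* Device removal frees everything the device owns, so nothing leaks. */
static void model_device_remove(struct device_model *dev)
{
    while (dev->res) {
        struct managed *m = dev->res;
        dev->res = m->next;
        free(m);
        dev->live--;
    }
}

/* Hypothetical fixup that grows a descriptor from *rsize to new_size bytes. */
static unsigned char *model_report_fixup(struct device_model *dev,
        const unsigned char *rdesc, size_t *rsize, size_t new_size)
{
    if (new_size < *rsize) return NULL;
    unsigned char *out = model_devm_zalloc(dev, new_size);
    if (!out) return NULL;
    memcpy(out, rdesc, *rsize); /* source holds only *rsize bytes, not new_size */
    *rsize = new_size;
    return out;
}

int main(void)
{
    struct device_model dev = {0};
    unsigned char desc[4] = {0x05, 0x01, 0x09, 0x06}; /* constructed sample */
    size_t rsize = sizeof(desc);
    int ok = model_report_fixup(&dev, desc, &rsize, 8) != NULL;
    model_device_remove(&dev);
    return ok ? 0 : 1;
}
```

Duplicating `new_size` bytes from a source that is only `*rsize` bytes long is the out-of-bounds read the description refers to; here the extra tail comes from the zeroed allocation instead.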

Fix

Memory Leak

Weakness Enumeration

Related Identifiers

CVE-2026-31524
ECHO-2D5C-3289-293D

Affected Products

Linux Kernel