CVE-2026-31520 PUBLISHED

HID: apple: avoid memory leak in apple_report_fixup()

Assigner: Linux
Reserved: 09.03.2026 Published: 22.04.2026 Updated: 22.04.2026

In the Linux kernel, the following vulnerability has been resolved:

HID: apple: avoid memory leak in apple_report_fixup()

The apple_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it.

The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a sub-portion of the input rdesc, whose lifetime is managed by the caller.
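
The ownership rule described above, as an added userspace example that is not the kernel's code or the actual patch: a model caller frees only its own rdesc, so a fixup that returns a fresh copy leaks it, while one that returns a sub-portion of rdesc does not. All function names are hypothetical, malloc() stands in for kmemdup(), and the "drop the first byte" fixup and the 8-byte descriptor are constructed for illustration.

```c
/* Userspace model of the report_fixup() ownership contract. Names are
 * hypothetical; malloc()+memcpy() stands in for the kernel's kmemdup(). */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef const uint8_t *(*fixup_fn)(uint8_t *rdesc, unsigned int *rsize);

/* Leaky pattern: hands back a fresh heap copy that no caller will free. */
static const uint8_t *fixup_leaky(uint8_t *rdesc, unsigned int *rsize)
{
    uint8_t *copy;
    if (*rsize < 2 || !(copy = malloc(*rsize - 1)))
        return rdesc;
    *rsize -= 1;                 /* constructed fixup: drop the first byte */
    memcpy(copy, rdesc + 1, *rsize);
    return copy;
}

/* Conforming pattern: hands back a sub-portion of the caller's buffer. */
static const uint8_t *fixup_in_place(uint8_t *rdesc, unsigned int *rsize)
{
    if (*rsize < 2) return rdesc;
    *rsize -= 1;
    return rdesc + 1;
}

/* True when [out, out+out_size) lies inside the caller-owned input buffer. */
static int caller_owned(const uint8_t *in, unsigned int in_size,
                        const uint8_t *out, unsigned int out_size)
{
    uintptr_t lo = (uintptr_t)in, hi = lo + in_size, p = (uintptr_t)out;
    return p >= lo && p <= hi && out_size <= hi - p;
}

/* Model caller: frees only its own rdesc. Returns 1 if the fixup leaked. */
static int run_caller(fixup_fn fixup)
{
    unsigned int size = 8;
    uint8_t *rdesc = calloc(size, 1);    /* constructed 8-byte descriptor */
    if (!rdesc) return -1;
    const uint8_t *out = fixup(rdesc, &size);
    int leaked = !caller_owned(rdesc, 8, out, size);
    if (leaked) free((void *)out);       /* model-only cleanup; the modelled caller never frees this */
    free(rdesc);
    return leaked;
}

int main(void) { return !(run_caller(fixup_leaky) == 1 && run_caller(fixup_in_place) == 0); }
```

The caller_owned() range check is the property a reviewer would look for in any report_fixup() implementation: the returned pointer and size must stay inside the buffer the caller passed in.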

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to e2f090aeb7b9930a964e151910f4d45b04c8a7e5 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 2635d0c715f3fb177e0f80ecd5fa48feb6bf3884 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 31860c3f7ac66ab897a8c90dc4e74fa17ca0b624 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to be1a341c161430282acdfe2ac99b413271575cf1 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to e652ebd29928181c3e6820e303da25873e9917d4 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 239c15116d80f67d32f00acc34575f1a6b699613 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • unaffected from 6.1.168 to 6.1.* (incl.)
  • unaffected from 6.6.131 to 6.6.* (incl.)
  • unaffected from 6.12.80 to 6.12.* (incl.)
  • unaffected from 6.18.21 to 6.18.* (incl.)
  • unaffected from 6.19.11 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References